Windows Analysis Report
ihNipdQaIz.exe

Overview

General Information

Sample name: ihNipdQaIz.exe
(renamed because original name is a hash value)
Original sample name: a540b68cbb2ebdfab541c5c682d759fa0f15b0d38b297bf538fc89945e288fef.exe
Analysis ID: 1577185
MD5: 90928b7ed0cccca847c033a104b86507
SHA1: 3d548dffc52787ee41ef8faf8aeccd8e613dcbc1
SHA256: a540b68cbb2ebdfab541c5c682d759fa0f15b0d38b297bf538fc89945e288fef
Tags: 130-193-51-109, exe, user-JAMESWT_MHT

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Found pyInstaller with non standard icon
Uses known network protocols on non-standard ports
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • ihNipdQaIz.exe (PID: 6328 cmdline: "C:\Users\user\Desktop\ihNipdQaIz.exe" MD5: 90928B7ED0CCCCA847C033A104B86507)
    • ihNipdQaIz.exe (PID: 7160 cmdline: "C:\Users\user\Desktop\ihNipdQaIz.exe" MD5: 90928B7ED0CCCCA847C033A104B86507)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: ihNipdQaIz.exe, Virustotal: Detection: 42%
Source: ihNipdQaIz.exe, ReversingLabs: Detection: 31%
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C2590 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFB0B7C2590
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1B18 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,2_2_00007FFB0B7C1B18
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1B31 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFB0B7C1B31
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B81F8F0 CRYPTO_free,CRYPTO_strndup,2_2_00007FFB0B81F8F0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B80E040 CRYPTO_free,2_2_00007FFB0B80E040
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1AB4 CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFB0B7C1AB4
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7CDFB2 ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,2_2_00007FFB0B7CDFB2
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C103C CRYPTO_malloc,COMP_expand_block,2_2_00007FFB0B7C103C
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7F4000 CRYPTO_realloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFB0B7F4000
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C236F CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFB0B7C236F
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1AC3 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,2_2_00007FFB0B7C1AC3
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C2027 CRYPTO_free,2_2_00007FFB0B7C2027
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B831F70 CRYPTO_memcmp,2_2_00007FFB0B831F70
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1EDD CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,EVP_MD_get0_name,EVP_MD_is_a,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFB0B7C1EDD
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1D8E EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_MAC_init,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FFB0B7C1D8E
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C3EB0 CRYPTO_free,2_2_00007FFB0B7C3EB0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7DBEC0 CRYPTO_free,CRYPTO_memdup,2_2_00007FFB0B7DBEC0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7CDEC0 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFB0B7CDEC0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B839F10 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFB0B839F10
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C16A4 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFB0B7C16A4
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7E1E60 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,2_2_00007FFB0B7E1E60
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C24E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFB0B7C24E6
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C5E80 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,2_2_00007FFB0B7C5E80
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C15E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,memcpy,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFB0B7C15E6
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1CE9 memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFB0B7C1CE9
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B823D30 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,2_2_00007FFB0B823D30
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1CBC EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFB0B7C1CBC
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7D5D80 CRYPTO_THREAD_run_once,2_2_00007FFB0B7D5D80
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1F37 CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFB0B7C1F37
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B817CD0 CRYPTO_memcmp,2_2_00007FFB0B817CD0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C19DD BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,2_2_00007FFB0B7C19DD
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7E5CF0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFB0B7E5CF0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1F50 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FFB0B7C1F50
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B823420 ERR_new,ERR_set_debug,X509_get0_pubkey,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,CRYPTO_malloc,EVP_PKEY_encrypt_init,RAND_bytes_ex,EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,2_2_00007FFB0B823420
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1023 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,2_2_00007FFB0B7C1023
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C193D CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFB0B7C193D
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7F3460 CRYPTO_malloc,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,ERR_set_debug,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFB0B7F3460
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B80F490 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFB0B80F490
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C144C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,2_2_00007FFB0B7C144C
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1ACD ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,memcpy,ERR_new,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,2_2_00007FFB0B7C1ACD
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B809370 ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_set_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFB0B809370
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C11BD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,2_2_00007FFB0B7C11BD
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C230B ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,2_2_00007FFB0B7C230B
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B8052A0 CRYPTO_free,2_2_00007FFB0B8052A0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B80D2F0 RAND_bytes_ex,CRYPTO_malloc,memset,2_2_00007FFB0B80D2F0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7CD2E1 CRYPTO_free,2_2_00007FFB0B7CD2E1
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B8112E0 ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,2_2_00007FFB0B8112E0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1997 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_decapsulate,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,2_2_00007FFB0B7C1997
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1992 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,OPENSSL_LH_new,X509_STORE_new,CTLOG_STORE_new_ex,OPENSSL_sk_num,X509_VERIFY_PARAM_new,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,CRYPTO_secure_zalloc,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,2_2_00007FFB0B7C1992
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1ED8 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFB0B7C1ED8
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C155A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FFB0B7C155A
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1483 CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFB0B7C1483
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B823210 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,2_2_00007FFB0B823210
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7CB200 CRYPTO_clear_free,2_2_00007FFB0B7CB200
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B821126 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFB0B821126
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7CD140 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFB0B7CD140
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B82D170 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,2_2_00007FFB0B82D170
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C111D CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,ERR_new,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup,2_2_00007FFB0B7C111D
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C20EF CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFB0B7C20EF
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C2121 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memcmp,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFB0B7C2121
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B82B0D0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFB0B82B0D0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1262 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,2_2_00007FFB0B7C1262
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7ED0C0 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,2_2_00007FFB0B7ED0C0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B8110C0 CRYPTO_free,CRYPTO_memdup,2_2_00007FFB0B8110C0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C11DB EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FFB0B7C11DB
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C19E7 CRYPTO_free,2_2_00007FFB0B7C19E7
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C162C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestSignUpdate,EVP_DigestSignFinal,CRYPTO_malloc,EVP_DigestSignFinal,ERR_new,ERR_new,EVP_DigestSign,ERR_new,CRYPTO_malloc,EVP_DigestSign,BUF_reverse,ERR_new,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_MD_CTX_free,2_2_00007FFB0B7C162C
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B837820 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_new,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,ERR_new,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,2_2_00007FFB0B837820
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1846 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,OPENSSL_sk_push,OPENSSL_sk_num,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_value,X509_get0_pubkey,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,2_2_00007FFB0B7C1846
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B829850 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFB0B829850
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C586A BIO_get_data,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_clear_flags,BIO_get_data,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,2_2_00007FFB0B7C586A
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7E5870 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFB0B7E5870
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7D97B0 CRYPTO_free,CRYPTO_strdup,2_2_00007FFB0B7D97B0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7CF7F0 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,2_2_00007FFB0B7CF7F0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C25D6 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,2_2_00007FFB0B7C25D6
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1087 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,2_2_00007FFB0B7C1087
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7D7730 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFB0B7D7730
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7ED750 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FFB0B7ED750
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C108C ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFB0B7C108C
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B817770 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFB0B817770
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B839790 EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_clear_error,ASN1_item_d2i,ASN1_TYPE_get,ERR_new,ERR_set_debug,EVP_PKEY_decrypt,ERR_new,EVP_PKEY_CTX_ctrl,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,ASN1_item_free,2_2_00007FFB0B839790
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1582 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFB0B7C1582
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C176C CRYPTO_malloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_up_ref,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,2_2_00007FFB0B7C176C
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C1646 EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,EVP_DigestVerify,ERR_new,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,2_2_00007FFB0B7C1646
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B81F660 CRYPTO_free,CRYPTO_memdup,2_2_00007FFB0B81F660
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C2522 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFB0B7C2522
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B8035E0 CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,2_2_00007FFB0B8035E0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7CF540 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_derive_set_peer,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,2_2_00007FFB0B7CF540
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B835540 CRYPTO_memcmp,2_2_00007FFB0B835540
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7D14E0 CRYPTO_free,CRYPTO_strndup,2_2_00007FFB0B7D14E0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7C12CB CRYPTO_THREAD_run_once,2_2_00007FFB0B7C12CB
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB1BB16244 CRYPTO_memcmp,2_2_00007FFB1BB16244
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB1BB118E0 _Py_NoneStruct,_PyArg_UnpackKeywords,PyObject_GetBuffer,PyBuffer_IsContiguous,PyObject_GetBuffer,PyBuffer_IsContiguous,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,EVP_PBE_scrypt,PyBytes_FromStringAndSize,PyEval_SaveThread,EVP_PBE_scrypt,PyEval_RestoreThread,PyExc_ValueError,PyErr_SetString,PyBuffer_Release,PyBuffer_Release,PyLong_AsLong,PyErr_Occurred,PyLong_AsLong,PyErr_Occurred,PyExc_ValueError,PyExc_ValueError,PyErr_Format,_PyArg_BadArgument,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_OverflowError,PyExc_OverflowError,_Py_Dealloc,PyExc_ValueError,2_2_00007FFB1BB118E0
Source: C:\Users\user\Desktop\ihNipdQaIz.exe File created: C:\Users\user~1\AppData\Local\Temp\_MEI63282\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt
Source: ihNipdQaIz.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: ihNipdQaIz.exe, 00000002.00000002.2624861167.00007FFB0C194000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: ihNipdQaIz.exe, 00000000.00000003.1376124727.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2623347470.00007FFB0B76F000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: ihNipdQaIz.exe, 00000002.00000002.2624361830.00007FFB0BCD1000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: ihNipdQaIz.exe, 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: ihNipdQaIz.exe, 00000000.00000003.1350672908.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: ihNipdQaIz.exe, 00000000.00000003.1349103735.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628882976.00007FFB1E873000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: ihNipdQaIz.exe, 00000002.00000002.2624361830.00007FFB0BC39000.00000002.00000001.01000000.00000011.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: ihNipdQaIz.exe, 00000000.00000003.1349103735.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628882976.00007FFB1E873000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: ihNipdQaIz.exe, 00000002.00000002.2624361830.00007FFB0BCD1000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: ihNipdQaIz.exe, 00000000.00000003.1350583896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: ihNipdQaIz.exe, 00000000.00000003.1373035467.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628275126.00007FFB1D5B3000.00000002.00000001.01000000.0000000C.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: ihNipdQaIz.exe, 00000002.00000002.2628727039.00007FFB1E851000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: ihNipdQaIz.exe, 00000000.00000003.1350299896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: ihNipdQaIz.exe, 00000000.00000003.1350411616.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628440906.00007FFB1E3BC000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: ihNipdQaIz.exe, 00000000.00000003.1349286977.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, _asyncio.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: ihNipdQaIz.exe, 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp, pyexpat.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: ihNipdQaIz.exe, 00000000.00000003.1350816924.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628035394.00007FFB1D343000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: ihNipdQaIz.exe, 00000000.00000003.1350411616.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628440906.00007FFB1E3BC000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: ihNipdQaIz.exe, 00000000.00000003.1349406406.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628604412.00007FFB1E67D000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: ihNipdQaIz.exe, 00000000.00000003.1351264542.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628151077.00007FFB1D4D4000.00000002.00000001.01000000.0000000D.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: ihNipdQaIz.exe, 00000000.00000003.1350932278.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2627820504.00007FFB1C259000.00000002.00000001.01000000.0000000B.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: ihNipdQaIz.exe, 00000000.00000003.1351264542.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628151077.00007FFB1D4D4000.00000002.00000001.01000000.0000000D.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: ihNipdQaIz.exe, 00000000.00000003.1362893494.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2620611651.0000020F958B0000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: ihNipdQaIz.exe, 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: ihNipdQaIz.exe, 00000002.00000002.2627415338.00007FFB1BA8D000.00000002.00000001.01000000.00000012.sdmp, _ssl.pyd.0.dr
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Code function: 0_2_00007FF7EC4F92F0 FindFirstFileExW,FindClose,0_2_00007FF7EC4F92F0
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Code function: 0_2_00007FF7EC5118E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7EC5118E4
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Code function: 0_2_00007FF7EC4F83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7EC4F83B0
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Code function: 2_2_00007FF7EC4F92F0 FindFirstFileExW,FindClose,2_2_00007FF7EC4F92F0
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Code function: 2_2_00007FF7EC5118E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7EC5118E4
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Code function: 2_2_00007FF7EC4F83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7EC4F83B0

Networking

Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 3000
Source: global traffic TCP traffic: 192.168.2.7:49718 -> 130.193.51.109:3000
Source: unknown TCP traffic detected without corresponding DNS query: 130.193.51.109
Source: unknown HTTP traffic detected: POST /receive_info HTTP/1.1
Host: 130.193.51.109:3000
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 181
Content-Type: application/json
Source: ihNipdQaIz.exe, 00000002.00000002.2622442807.0000020F96D10000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: ihNipdQaIz.exe, 00000002.00000002.2622882536.0000020F97000000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2622575040.0000020F96FB0000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2622927627.0000020F9707B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://130.193.51.109:3000/receive_info
Source: ihNipdQaIz.exe, 00000002.00000002.2622575040.0000020F96FB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://130.193.51.109:3000/receive_infop
Source: ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95F7F000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: ihNipdQaIz.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: ihNipdQaIz.exe, select.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: ihNipdQaIz.exe, select.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: ihNipdQaIz.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: ihNipdQaIz.exe, 00000002.00000003.1385351937.0000020F96390000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1389707611.0000020F965C9000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F96549000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F96370000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: ihNipdQaIz.exe, 00000002.00000003.1387843035.0000020F963EF000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1386826666.0000020F964C7000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F963A0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1385302485.0000020F964B0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1386771666.0000020F964A9000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384824301.0000020F96444000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384824301.0000020F964B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95F7F000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2622882536.0000020F97000000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2620369101.0000020F94042000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: ihNipdQaIz.exe, 00000002.00000002.2622882536.0000020F97000000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95F7F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: ihNipdQaIz.exe, 00000002.00000002.2622882536.0000020F97000000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlB8
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl3
Source: ihNipdQaIz.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: ihNipdQaIz.exe, select.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: ihNipdQaIz.exe, select.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: ihNipdQaIz.exe, 00000000.00000003.1351089861.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.cr
Source: _asyncio.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: ihNipdQaIz.exe, select.pyd.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95F7F000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95F7F000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2622363255.0000020F96BC0000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2622282683.0000020F96AC0000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F963A0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2622118327.0000020F96890000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F96549000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: ihNipdQaIz.exe, 00000002.00000002.2622442807.0000020F96E04000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: ihNipdQaIz.exe, 00000002.00000002.2622038674.0000020F96790000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: ihNipdQaIz.exe, 00000002.00000002.2622038674.0000020F96790000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://foo/bar.tar.gz
Source: ihNipdQaIz.exe, 00000002.00000002.2622038674.0000020F96790000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://foo/bar.tgz
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/mail/
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.accv.es
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.accv.es0
Source: ihNipdQaIz.exe, select.pyd.0.dr String found in binary or memory: http://ocsp.digicert.com0
Source: ihNipdQaIz.exe, 00000000.00000003.1351264542.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1349406406.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350583896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1362893494.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350816924.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350299896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1376124727.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1365116576.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350672908.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1349286977.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1351089861.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1359465071.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1361145483.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1359678117.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350411616.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1358171801.000001DC5E900000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350128777.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350932278.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1373035467.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 
00000000.00000003.1358171801.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1349715506.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: ihNipdQaIz.exe, 00000000.00000003.1351264542.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1349406406.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350583896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1362893494.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350816924.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350299896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1376124727.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1365116576.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350672908.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1349286977.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1351089861.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1359465071.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1361145483.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1359678117.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350411616.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1358171801.000001DC5E900000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350128777.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350932278.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1373035467.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 
00000000.00000003.1358171801.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1349715506.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: ihNipdQaIz.exe, 00000000.00000003.1351264542.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1349406406.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350583896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1362893494.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350816924.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350299896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1376124727.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1365116576.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350672908.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1349286977.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1351089861.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1359465071.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1361145483.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1359678117.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350411616.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350128777.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350932278.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1373035467.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1358171801.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 
00000000.00000003.1349715506.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: ihNipdQaIz.exe, 00000002.00000002.2621390069.0000020F96270000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621311955.0000020F96150000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/1
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/V
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F963A0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: ihNipdQaIz.exe, 00000002.00000002.2622363255.0000020F96BC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: ihNipdQaIz.exe, 00000002.00000002.2622442807.0000020F96D10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: ihNipdQaIz.exe, 00000000.00000003.1373753811.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, LICENSE0.0.drString found in binary or memory: http://www.apache.org/licenses/
Source: ihNipdQaIz.exe, 00000000.00000003.1375725127.000001DC5E902000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1373753811.000001DC5E901000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1373753811.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, LICENSE0.0.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: ihNipdQaIz.exe, 00000002.00000002.2621390069.0000020F96270000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: ihNipdQaIz.exe, 00000002.00000002.2622882536.0000020F97000000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: ihNipdQaIz.exe, 00000000.00000003.1351264542.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1349406406.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350583896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1362893494.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350816924.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350299896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1376124727.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1365116576.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350672908.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1349286977.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1351089861.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1359465071.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1361145483.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1359678117.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350411616.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350128777.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1350932278.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1373035467.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1358171801.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 
00000000.00000003.1349715506.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1388633950.0000020F9649E000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1387686009.0000020F96549000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1387843035.0000020F9649C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1389707611.0000020F96549000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F96549000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1389707611.0000020F9649C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cpso
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9663B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://blog.jaraco.com/skeleton
Source: ihNipdQaIz.exe, 00000002.00000002.2622199271.0000020F969C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
Source: ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io
Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
Source: ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
Source: ihNipdQaIz.exe, 00000002.00000003.1383832017.0000020F95E7F000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: ihNipdQaIz.exe, 00000002.00000002.2620701494.0000020F95900000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: ihNipdQaIz.exe, 00000002.00000002.2620701494.0000020F9597C000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: ihNipdQaIz.exe, 00000002.00000002.2620701494.0000020F9597C000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: ihNipdQaIz.exe, 00000002.00000002.2620701494.0000020F9597C000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: ihNipdQaIz.exe, 00000002.00000002.2620701494.0000020F9597C000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: ihNipdQaIz.exe, 00000002.00000002.2620919569.0000020F95C40000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: ihNipdQaIz.exe, 00000002.00000002.2620919569.0000020F95C40000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: ihNipdQaIz.exe, 00000002.00000002.2620701494.0000020F9597C000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2620369101.0000020F94042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://docs.python.org/3/library/importlib.metadata.html
Source: ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: ihNipdQaIz.exe, 00000002.00000002.2622575040.0000020F96F20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://docs.python.org/3/reference/import.html#finders-and-loaders
Source: ihNipdQaIz.exe, 00000002.00000002.2622363255.0000020F96BC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: ihNipdQaIz.exe, 00000002.00000002.2622038674.0000020F96790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: ihNipdQaIz.exe, 00000002.00000003.1377867750.0000020F940B2000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2620369101.0000020F94042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/astral-sh/ruff
Source: ihNipdQaIz.exe, 00000002.00000002.2622038674.0000020F96790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: ihNipdQaIz.exe, 00000002.00000002.2622038674.0000020F96790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
Source: ihNipdQaIz.exe, 00000002.00000002.2622575040.0000020F96F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
Source: ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
Source: ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/
Source: ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
Source: ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: ihNipdQaIz.exe, 00000000.00000003.1375257164.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
Source: ihNipdQaIz.exe, 00000002.00000002.2621390069.0000020F96270000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
Source: ihNipdQaIz.exe, 00000002.00000002.2622038674.0000020F96790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: ihNipdQaIz.exe, 00000002.00000002.2622199271.0000020F969C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
Source: ihNipdQaIz.exe, 00000002.00000002.2622199271.0000020F969C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml
Source: ihNipdQaIz.exe, 00000000.00000003.1375257164.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/wheel
Source: ihNipdQaIz.exe, 00000000.00000003.1375257164.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/wheel/issues
Source: ihNipdQaIz.exe, 00000002.00000002.2620701494.0000020F9597C000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: ihNipdQaIz.exe, 00000002.00000002.2620369101.0000020F94042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: ihNipdQaIz.exe, 00000002.00000003.1377867750.0000020F940B2000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2620369101.0000020F94042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: ihNipdQaIz.exe, 00000002.00000003.1382921045.0000020F95FE3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1386845864.0000020F95EDE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1388684390.0000020F95EDE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384522189.0000020F95FEB000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383801051.0000020F96007000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383465880.0000020F95FED000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384252605.0000020F95ED3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383155722.0000020F95FF0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384252605.0000020F95FEA000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383550651.0000020F95ED0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1385831680.0000020F95EDE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383550651.0000020F95FED000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: METADATA0.0.drString found in binary or memory: https://github.com/python/importlib_metadata
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/python/importlib_metadata/issues
Source: ihNipdQaIz.exe, 00000002.00000003.1377867750.0000020F940B2000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2620369101.0000020F94042000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: ihNipdQaIz.exe, 00000002.00000002.2622363255.0000020F96BC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F963A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: ihNipdQaIz.exe, 00000002.00000002.2622442807.0000020F96DF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966B1000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2620824197.0000020F95A3D000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: ihNipdQaIz.exe, 00000002.00000002.2620824197.0000020F95A3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F96549000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
Source: ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
Source: METADATA0.0.drString found in binary or memory: https://importlib-metadata.readthedocs.io/
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
Source: ihNipdQaIz.exe, 00000002.00000002.2621390069.0000020F96270000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: ihNipdQaIz.exe, 00000002.00000003.1386771666.0000020F9644E000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1386771666.0000020F964A9000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: ihNipdQaIz.exe, 00000002.00000002.2622282683.0000020F96AC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
Source: ihNipdQaIz.exe, 00000002.00000002.2622363255.0000020F96BC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
Source: ihNipdQaIz.exe, 00000002.00000002.2622282683.0000020F96AC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
Source: ihNipdQaIz.exe, 00000002.00000002.2622282683.0000020F96AC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/All
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1389707611.0000020F9649C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the
Source: ihNipdQaIz.exe, 00000002.00000002.2622199271.0000020F969C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: ihNipdQaIz.exe, 00000002.00000002.2621311955.0000020F96150000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
Source: ihNipdQaIz.exe, 00000002.00000002.2624861167.00007FFB0C194000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
Source: ihNipdQaIz.exe, 00000002.00000002.2622363255.0000020F96BC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0685/
Source: ihNipdQaIz.exe, 00000002.00000002.2622282683.0000020F96AC0000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2622118327.0000020F96890000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2622199271.0000020F969C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/build/).
Source: ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://pypi.org/project/importlib_metadata
Source: ihNipdQaIz.exe, 00000000.00000003.1375257164.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/setuptools/
Source: ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: ihNipdQaIz.exe, 00000002.00000002.2622038674.0000020F96790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: ihNipdQaIz.exe, 00000002.00000002.2622575040.0000020F96F30000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: ihNipdQaIz.exe, 00000002.00000002.2622282683.0000020F96AC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/
Source: ihNipdQaIz.exe, 00000002.00000003.1381310226.0000020F95FFE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381063345.0000020F95FE8000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381386324.0000020F96000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
Source: ihNipdQaIz.exe, 00000002.00000002.2620824197.0000020F95A3D000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381213325.0000020F95F98000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381136950.0000020F95F2C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381310226.0000020F95FFE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381310226.0000020F95F9E000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381063345.0000020F95FE8000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381386324.0000020F96000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: ihNipdQaIz.exe, 00000002.00000002.2621233226.0000020F96050000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: ihNipdQaIz.exe, 00000002.00000003.1381063345.0000020F95FBA000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381310226.0000020F95FFE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381063345.0000020F95FE8000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381386324.0000020F96000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:
Source: ihNipdQaIz.exe, 00000002.00000003.1381063345.0000020F95FBA000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381310226.0000020F95FFE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381063345.0000020F95FE8000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381386324.0000020F96000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:r;Nr
Source: ihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: METADATA0.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F96549000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95F7F000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: ihNipdQaIz.exe, 00000002.00000002.2620824197.0000020F95A00000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1388633950.0000020F9649E000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1387843035.0000020F9649C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966B1000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2620824197.0000020F95A3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: ihNipdQaIz.exe, 00000002.00000002.2622442807.0000020F96D10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: ihNipdQaIz.exe, 00000002.00000002.2622363255.0000020F96BC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: ihNipdQaIz.exe, 00000000.00000003.1375257164.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wheel.readthedocs.io/
Source: ihNipdQaIz.exe, 00000000.00000003.1375257164.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
Source: ihNipdQaIz.exe, 00000002.00000003.1387843035.0000020F9642A000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1386826666.0000020F964C7000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1385302485.0000020F964B0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1386771666.0000020F964A9000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384824301.0000020F96444000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384824301.0000020F964B0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: ihNipdQaIz.exe, 00000000.00000003.1353803291.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
Source: ihNipdQaIz.exe, 00000000.00000003.1353803291.000001DC5E901000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1353977445.000001DC5E902000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000000.00000003.1353803291.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: ihNipdQaIz.exe, 00000000.00000003.1359678117.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmp, ihNipdQaIz.exe, 00000002.00000002.2624606504.00007FFB0BD7A000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://www.openssl.org/H
Source: ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: ihNipdQaIz.exe, 00000002.00000003.1386771666.0000020F9644E000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1386771666.0000020F964A9000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: ihNipdQaIz.exe, 00000000.00000003.1375257164.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0427/
Source: ihNipdQaIz.exe, 00000002.00000002.2620701494.0000020F95900000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: ihNipdQaIz.exe, 00000002.00000002.2625203044.00007FFB0C30C000.00000008.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/
Source: ihNipdQaIz.exe, 00000002.00000002.2624861167.00007FFB0C194000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/)
Source: ihNipdQaIz.exe, 00000002.00000002.2622882536.0000020F97000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: ihNipdQaIz.exe, 00000002.00000002.2622882536.0000020F97000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0bo
Source: ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95F7F000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: ihNipdQaIz.exe, 00000000.00000003.1351264542.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1349406406.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1350583896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1362893494.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1350816924.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1350299896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1376124727.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1350672908.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1349286977.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1351089861.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1361145483.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1359678117.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1350411616.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1349103735.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1350128777.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1350932278.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1373035467.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000000.00000003.1349715506.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exeBinary or memory string: OriginalFilename vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2628774135.00007FFB1E85E000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2625554672.00007FFB0C435000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2628082795.00007FFB1D346000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2628655469.00007FFB1E682000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2628355311.00007FFB1D5B6000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2623548443.00007FFB0B774000.00000002.00000001.01000000.00000027.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2627873433.00007FFB1C263000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2620611651.0000020F958B0000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2628202328.00007FFB1D4D7000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2627493794.00007FFB1BAA9000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2628931637.00007FFB1E879000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilenamelibsslH vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2628526433.00007FFB1E3C5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs ihNipdQaIz.exe
Source: ihNipdQaIz.exe, 00000002.00000002.2624606504.00007FFB0BD7A000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs ihNipdQaIz.exe
Source: classification engineClassification label: mal56.troj.winEXE@3/89@0/1
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user~1\AppData\Local\Temp\_MEI63282Jump to behavior
Source: ihNipdQaIz.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ihNipdQaIz.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: ihNipdQaIz.exeVirustotal: Detection: 42%
Source: ihNipdQaIz.exeReversingLabs: Detection: 31%
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile read: C:\Users\user\Desktop\ihNipdQaIz.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\ihNipdQaIz.exe "C:\Users\user\Desktop\ihNipdQaIz.exe"
Source: C:\Users\user\Desktop\ihNipdQaIz.exeProcess created: C:\Users\user\Desktop\ihNipdQaIz.exe "C:\Users\user\Desktop\ihNipdQaIz.exe"
Source: C:\Users\user\Desktop\ihNipdQaIz.exeProcess created: C:\Users\user\Desktop\ihNipdQaIz.exe "C:\Users\user\Desktop\ihNipdQaIz.exe"Jump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: libffi-8.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: libcrypto-3.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: libssl-3.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeSection loaded: wintypes.dllJump to behavior
Source: ihNipdQaIz.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: ihNipdQaIz.exeStatic file information: File size 15920444 > 1048576
Source: ihNipdQaIz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: ihNipdQaIz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: ihNipdQaIz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: ihNipdQaIz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: ihNipdQaIz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: ihNipdQaIz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: ihNipdQaIz.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: ihNipdQaIz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: ihNipdQaIz.exe, 00000002.00000002.2624861167.00007FFB0C194000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: ihNipdQaIz.exe, 00000000.00000003.1376124727.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2623347470.00007FFB0B76F000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: ihNipdQaIz.exe, 00000002.00000002.2624361830.00007FFB0BCD1000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: ihNipdQaIz.exe, 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: ihNipdQaIz.exe, 00000000.00000003.1350672908.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: ihNipdQaIz.exe, 00000000.00000003.1349103735.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628882976.00007FFB1E873000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: ihNipdQaIz.exe, 00000002.00000002.2624361830.00007FFB0BC39000.00000002.00000001.01000000.00000011.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: ihNipdQaIz.exe, 00000000.00000003.1349103735.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628882976.00007FFB1E873000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: ihNipdQaIz.exe, 00000002.00000002.2624361830.00007FFB0BCD1000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: ihNipdQaIz.exe, 00000000.00000003.1350583896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: ihNipdQaIz.exe, 00000000.00000003.1373035467.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628275126.00007FFB1D5B3000.00000002.00000001.01000000.0000000C.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: ihNipdQaIz.exe, 00000002.00000002.2628727039.00007FFB1E851000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: ihNipdQaIz.exe, 00000000.00000003.1350299896.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: ihNipdQaIz.exe, 00000000.00000003.1350411616.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628440906.00007FFB1E3BC000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: ihNipdQaIz.exe, 00000000.00000003.1349286977.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, _asyncio.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: ihNipdQaIz.exe, 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp, pyexpat.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: ihNipdQaIz.exe, 00000000.00000003.1350816924.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628035394.00007FFB1D343000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: ihNipdQaIz.exe, 00000000.00000003.1350411616.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628440906.00007FFB1E3BC000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: ihNipdQaIz.exe, 00000000.00000003.1349406406.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628604412.00007FFB1E67D000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: ihNipdQaIz.exe, 00000000.00000003.1351264542.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628151077.00007FFB1D4D4000.00000002.00000001.01000000.0000000D.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: ihNipdQaIz.exe, 00000000.00000003.1350932278.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2627820504.00007FFB1C259000.00000002.00000001.01000000.0000000B.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: ihNipdQaIz.exe, 00000000.00000003.1351264542.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2628151077.00007FFB1D4D4000.00000002.00000001.01000000.0000000D.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: ihNipdQaIz.exe, 00000000.00000003.1362893494.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2620611651.0000020F958B0000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: ihNipdQaIz.exe, 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: ihNipdQaIz.exe, 00000002.00000002.2627415338.00007FFB1BA8D000.00000002.00000001.01000000.00000012.sdmp, _ssl.pyd.0.dr
Source: ihNipdQaIz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: ihNipdQaIz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: ihNipdQaIz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: ihNipdQaIz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: ihNipdQaIz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
Source: python312.dll.0.drStatic PE information: section name: PyRuntim
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 2_2_00007FFB0B7E4021 push rcx; ret 2_2_00007FFB0B7E4022

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\ihNipdQaIz.exeProcess created: "C:\Users\user\Desktop\ihNipdQaIz.exe"
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_curve25519.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_curve448.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\libffi-8.dllJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_cffi_backend.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\select.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeFile created: C:\Users\user~1\AppData\Local\Temp\_MEI63282\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txtJump to behavior

Hooking and other Techniques for Hiding and Protection

Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 3000
Source: C:\Users\user\Desktop\ihNipdQaIz.exeCode function: 0_2_00007FF7EC4F76B0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF7EC4F76B0
Source: C:\Users\user\Desktop\ihNipdQaIz.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_curve25519.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_ed25519.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_chacha20.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_MD4.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_bz2.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_multiprocessing.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_queue.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\pyexpat.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Util\_strxor.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\python312.dll
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_cast.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_curve448.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_cfb.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_BLAKE2s.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_des3.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_eksblowfish.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_arc2.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\charset_normalizer\md__mypyc.cp312-win_amd64.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_ctr.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Util\_cpuid_c.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_ec_ws.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_MD2.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_hashlib.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_BLAKE2b.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_asyncio.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_ssl.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_poly1305.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_ghash_portable.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_aesni.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA1.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Math\_modexp.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA384.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_socket.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\unicodedata.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\python3.dll
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_decimal.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_cbc.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\charset_normalizer\md.cp312-win_amd64.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_overlapped.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_pkcs1_decode.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_lzma.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_ocb.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_aes.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_wmi.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_cffi_backend.cp312-win_amd64.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\select.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_ofb.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\_ctypes.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA512.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_ARC4.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_ed448.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_ecb.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_des.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA224.pyd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Check user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17972
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | API coverage: 0.5 %
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 0_2_00007FF7EC4F92F0 FindFirstFileExW,FindClose,0_2_00007FF7EC4F92F0
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 0_2_00007FF7EC5118E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7EC5118E4
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 0_2_00007FF7EC4F83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7EC4F83B0
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FF7EC4F92F0 FindFirstFileExW,FindClose,2_2_00007FF7EC4F92F0
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FF7EC5118E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7EC5118E4
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FF7EC4F83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7EC4F83B0
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB22652E00 Sleep,GetSystemInfo,abort,2_2_00007FFB22652E00
Source: ihNipdQaIz.exe, 00000000.00000003.1352049396.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr | Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: ihNipdQaIz.exe, 00000002.00000003.1382921045.0000020F95FE3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95F7F000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384522189.0000020F95FEB000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383801051.0000020F96007000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383465880.0000020F95FED000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1386845864.0000020F95FE2000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383155722.0000020F95FF0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1389190301.0000020F96007000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384252605.0000020F95FEA000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383550651.0000020F95FED000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: cacert.pem.0.dr | Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 0_2_00007FF7EC50A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7EC50A684
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 0_2_00007FF7EC5134F0 GetProcessHeap,0_2_00007FF7EC5134F0
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 0_2_00007FF7EC4FC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7EC4FC910
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 0_2_00007FF7EC4FD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7EC4FD19C
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 0_2_00007FF7EC4FD37C SetUnhandledExceptionFilter,0_2_00007FF7EC4FD37C
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FF7EC50A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7EC50A684
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FF7EC4FC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF7EC4FC910
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FF7EC4FD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7EC4FD19C
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FF7EC4FD37C SetUnhandledExceptionFilter,2_2_00007FF7EC4FD37C
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB0B663068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB0B663068
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB0B662AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB0B662AA0
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB0B7C2126 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB0B7C2126
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB167E1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB167E1960
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB167E1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB167E1390
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB18B71960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB18B71960
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB18B71390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB18B71390
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB18B81960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB18B81960
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB18B81390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB18B81390
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB1AB11960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1AB11960
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB1AB11390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1AB11390
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB1BA61390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1BA61390
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB1BA61960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1BA61960
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB1BA71390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1BA71390
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB1BA71960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1BA71960
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB1BABFFF8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1BABFFF8
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB1BABFA30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1BABFA30
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB1BB14660 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1BB14660
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB1BB14090 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1BB14090
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB1CA11390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB1CA11390
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB1CA11960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1CA11960
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB226552F0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB226552F0
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 2_2_00007FFB22654D20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB22654D20
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Process created: C:\Users\user\Desktop\ihNipdQaIz.exe "C:\Users\user\Desktop\ihNipdQaIz.exe"
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Code function: 0_2_00007FF7EC5195E0 cpuid 0_2_00007FF7EC5195E0
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Util VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\certifi VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\cryptography-44.0.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\cryptography-44.0.0.dist-info\licenses VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\_wmi.pyd VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor\jaraco VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Util VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Protocol VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63282\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exeQueries volume information: C:\Users\user\Desktop\ihNipdQaIz.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Code function: 0_2_00007FF7EC4FD080 GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter
Source: C:\Users\user\Desktop\ihNipdQaIz.exe Code function: 0_2_00007FF7EC515C70 _get_daylight, _get_daylight, _get_daylight, _get_daylight, _get_daylight, GetTimeZoneInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Source | Detection | Scanner | Label |
|---|---|---|---|
| ihNipdQaIz.exe | 42% | Virustotal | |
| ihNipdQaIz.exe | 32% | ReversingLabs | Win64.Packed.Generic |
| Source | Detection | Scanner |
|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_ARC4.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_Salsa20.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_chacha20.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_aes.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_aesni.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_arc2.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_cast.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_cbc.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_cfb.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_ctr.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_des.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_des3.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_ecb.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_ocb.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_raw_ofb.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_BLAKE2b.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_BLAKE2s.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_MD2.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_MD4.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_MD5.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_RIPEMD160.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA1.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA224.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA256.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA384.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_SHA512.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_ghash_clmul.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_ghash_portable.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_keccak.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Hash\_poly1305.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Math\_modexp.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Protocol\_scrypt.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_curve25519.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_curve448.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_ec_ws.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_ed25519.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\PublicKey\_ed448.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Util\_cpuid_c.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Util\_strxor.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\VCRUNTIME140.dll | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_asyncio.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_bz2.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_cffi_backend.cp312-win_amd64.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_ctypes.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_decimal.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_hashlib.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_lzma.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_multiprocessing.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_overlapped.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_queue.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_socket.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_ssl.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\_wmi.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\charset_normalizer\md.cp312-win_amd64.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\charset_normalizer\md__mypyc.cp312-win_amd64.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\libcrypto-3.dll | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\libffi-8.dll | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\libssl-3.dll | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\pyexpat.pyd | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\python3.dll | 0% | ReversingLabs |
| C:\Users\user\AppData\Local\Temp\_MEI63282\python312.dll | 0% | ReversingLabs |
No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://foo/bar.tgz | 0% | Avira URL Cloud | safe |
| http://repository.swisssign.com/1 | 0% | Avira URL Cloud | safe |
| http://repository.swisssign.com/V | 0% | Avira URL Cloud | safe |
| https://blog.jaraco.com/skeleton | 0% | Avira URL Cloud | safe |
| https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages | 0% | Avira URL Cloud | safe |
| https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz | 0% | Avira URL Cloud | safe |
No contacted domains info
                                    high
                                    https://github.com/pypa/packagingihNipdQaIz.exe, 00000002.00000002.2621390069.0000020F96270000.00000004.00001000.00020000.00000000.sdmpfalse
                                      high
                                      https://readthedocs.org/projects/importlib-metadata/badge/?version=latestihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                        high
                                        https://refspecs.linuxfoundation.org/elf/gabi4ihNipdQaIz.exe, 00000002.00000002.2622038674.0000020F96790000.00000004.00001000.00020000.00000000.sdmpfalse
                                          high
                                          https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963ihNipdQaIz.exe, 00000002.00000002.2622363255.0000020F96BC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                            high
                                            https://blog.jaraco.com/skeletonihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://tools.ietf.org/html/rfc3610ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95F7F000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F965FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://github.com/platformdirs/platformdirsihNipdQaIz.exe, 00000002.00000002.2622038674.0000020F96790000.00000004.00001000.00020000.00000000.sdmpfalse
                                                high
                                                https://peps.python.org/pep-0205/ihNipdQaIz.exe, 00000002.00000002.2621311955.0000020F96150000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                  high
                                                  http://crl.dhimyotis.com/certignarootca.crlihNipdQaIz.exe, 00000002.00000002.2622882536.0000020F97000000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    http://curl.haxx.se/rfc/cookie_spec.htmlihNipdQaIz.exe, 00000002.00000002.2622442807.0000020F96E04000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      high
                                                      http://ocsp.accv.esihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://repository.swisssign.com/VihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.mdihNipdQaIz.exe, 00000000.00000003.1375257164.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:ihNipdQaIz.exe, 00000002.00000003.1381063345.0000020F95FBA000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381310226.0000020F95FFE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381063345.0000020F95FE8000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381386324.0000020F96000000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filenameihNipdQaIz.exe, 00000002.00000002.2620701494.0000020F95900000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyihNipdQaIz.exe, 00000002.00000002.2622442807.0000020F96D10000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                high
                                                                https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688ihNipdQaIz.exe, 00000002.00000002.2620701494.0000020F9597C000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://httpbin.org/getihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F96549000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://packaging.python.org/en/latest/specifications/entry-points/ihNipdQaIz.exe, 00000002.00000002.2622282683.0000020F96AC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-accessihNipdQaIz.exe, 00000002.00000002.2620824197.0000020F95A3D000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381213325.0000020F95F98000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381136950.0000020F95F2C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381310226.0000020F95FFE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381310226.0000020F95F9E000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381063345.0000020F95FE8000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381386324.0000020F96000000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://pypi.org/project/build/).ihNipdQaIz.exe, 00000002.00000002.2622282683.0000020F96AC0000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2622118327.0000020F96890000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2622199271.0000020F969C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_codeihNipdQaIz.exe, 00000002.00000002.2620701494.0000020F9597C000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://wwww.certigna.fr/autorites/0mihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95F7F000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://github.com/pypa/wheelihNipdQaIz.exe, 00000000.00000003.1375257164.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.python.org/dev/peps/pep-0427/ihNipdQaIz.exe, 00000000.00000003.1375257164.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerihNipdQaIz.exe, 00000002.00000003.1377867750.0000020F940B2000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2620369101.0000020F94042000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://foo/bar.tgzihNipdQaIz.exe, 00000002.00000002.2622038674.0000020F96790000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://github.com/python/cpython/issues/86361.ihNipdQaIz.exe, 00000002.00000003.1382921045.0000020F95FE3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1386845864.0000020F95EDE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1388684390.0000020F95EDE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384522189.0000020F95FEB000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383801051.0000020F96007000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383465880.0000020F95FED000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384252605.0000020F95ED3000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383155722.0000020F95FF0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384252605.0000020F95FEA000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383550651.0000020F95ED0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1385831680.0000020F95EDE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1383550651.0000020F95FED000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://crl.xrampsecurity.com/XGCA.crl3ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://httpbin.org/ihNipdQaIz.exe, 00000002.00000002.2620824197.0000020F95A3D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.apache.org/licenses/ihNipdQaIz.exe, 00000000.00000003.1353803291.000001DC5E8F3000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drfalse
                                                                                            high
                                                                                            https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                              high
                                                                                              https://wwww.certigna.fr/autorites/ihNipdQaIz.exe, 00000002.00000002.2622882536.0000020F97000000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gzihNipdQaIz.exe, 00000002.00000003.1387843035.0000020F9642A000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1386826666.0000020F964C7000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1385302485.0000020F964B0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1386771666.0000020F964A9000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384824301.0000020F96444000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1384824301.0000020F964B0000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_moduleihNipdQaIz.exe, 00000002.00000002.2620919569.0000020F95C40000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesihNipdQaIz.exe, 00000002.00000002.2620919569.0000020F95C40000.00000004.00001000.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://docs.python.org/3/reference/import.html#finders-and-loadersihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                      high
                                                                                                      https://img.shields.io/badge/skeleton-2024-informationalihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                        high
                                                                                                        https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.ihNipdQaIz.exe, 00000002.00000002.2622282683.0000020F96AC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-theihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1389707611.0000020F9649C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://cryptography.io/en/latest/installation/ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                high
                                                                                                                https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syihNipdQaIz.exe, 00000002.00000003.1377867750.0000020F940B2000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1377844920.0000020F95A2B000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2620369101.0000020F94042000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.python.org/psf/license/ihNipdQaIz.exe, 00000002.00000002.2625203044.00007FFB0C30C000.00000008.00000001.01000000.00000004.sdmpfalse
                                                                                                                    high
                                                                                                                    https://docs.python.org/3/library/multiprocessing.htmlihNipdQaIz.exe, 00000002.00000002.2621076828.0000020F95E50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://github.com/pypa/setuptools/issues/417#issuecomment-392298401ihNipdQaIz.exe, 00000002.00000002.2622199271.0000020F969C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://crl.securetrust.com/STCA.crlihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://wwwsearch.sf.net/):ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9663B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://www.accv.es/legislacion_c.htmihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://tools.ietf.org/html/rfc6125#section-6.4.3ihNipdQaIz.exe, 00000002.00000002.2622442807.0000020F96D10000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://cryptography.io/en/latest/security/ihNipdQaIz.exe, 00000000.00000003.1352953369.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                    high
                                                                                                                                    http://www.quovadisglobal.com/cpsoihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F966DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://crl.xrampsecurity.com/XGCA.crl0ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9666D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://bugs.python.org/issue44497.ihNipdQaIz.exe, 00000002.00000002.2622199271.0000020F969C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.cert.fnmt.es/dpcs/ihNipdQaIz.exe, 00000002.00000002.2622882536.0000020F97000000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://setuptools.pypa.io/en/latest/pkg_resources.htmlihNipdQaIz.exe, 00000002.00000003.1381310226.0000020F95FFE000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381063345.0000020F95FE8000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000003.1381386324.0000020F96000000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://google.com/mailihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9649C000.00000004.00000020.00020000.00000000.sdmp, ihNipdQaIz.exe, 00000002.00000002.2621468559.0000020F9642A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://img.shields.io/pypi/v/importlib_metadata.svgihNipdQaIz.exe, 00000000.00000003.1374134610.000001DC5E8F6000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://packaging.python.org/specifications/entry-points/ihNipdQaIz.exe, 00000002.00000002.2622199271.0000020F969C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://github.com/jaraco/jaraco.functools/issues/5ihNipdQaIz.exe, 00000002.00000002.2622038674.0000020F96790000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.accv.es00ihNipdQaIz.exe, 00000002.00000002.2621872957.0000020F9671F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://www.python.org/psf/license/)ihNipdQaIz.exe, 00000002.00000002.2624861167.00007FFB0C194000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                                                          high
IP:130.193.51.109
Domain:unknown
Country:Russian Federation
ASN:200350
ASN Name:YANDEXCLOUDRU
Malicious:false
                                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                              Analysis ID:1577185
                                                                                                                                                                                              Start date and time:2024-12-18 08:49:13 +01:00
                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                              Overall analysis duration:0h 8m 29s
                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                              Report type:full
                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                              Number of analysed new started processes analysed:7
                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                                              Technologies:
                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                              Sample name:ihNipdQaIz.exe
                                                                                                                                                                                              renamed because original name is a hash value
                                                                                                                                                                                              Original Sample Name:a540b68cbb2ebdfab541c5c682d759fa0f15b0d38b297bf538fc89945e288fef.exe
                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                              Classification:mal56.troj.winEXE@3/89@0/1
                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                              HCA Information:Failed
                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                              • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Match / Associated Sample Name / Detection / Threat Name
C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_chacha20.pyd
• cPl7CoJTBx.exe, Detection: malicious, Threat Name: Luna Grabber, Luna Logger
C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_ARC4.pyd
• cPl7CoJTBx.exe, Detection: malicious, Threat Name: Luna Grabber, Luna Logger
C:\Users\user\AppData\Local\Temp\_MEI63282\Cryptodome\Cipher\_Salsa20.pyd
• AS6xKJzYJT.exe, Detection: malicious, Threat Name: Python Stealer, XenoRAT
• cPl7CoJTBx.exe, Detection: malicious, Threat Name: Luna Grabber, Luna Logger
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):11264
                                                                                                                                                                                                      Entropy (8bit):4.64091077287031
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:dGklddyTHThob0q/tJRrlDONYSOcqgYCWt:EgcdZq/JJDFgRWt
                                                                                                                                                                                                      MD5:F3A0DEF1BA9F7CF5DA771F5E7C29CA3F
                                                                                                                                                                                                      SHA1:21CA5BCB23A55A7FE41AF810C1B0E5DCAEB25C16
                                                                                                                                                                                                      SHA-256:362C42BD62E5751E9B647BD575D483CC510DC862AB6098E6893EDCF3F44A567E
                                                                                                                                                                                                      SHA-512:659DC896767501A8B7690CE944AA7A6D60A5F0596C32E2E2B0E8D4BF85434C25337BB6835A386CEAAEE245B9A5E9A06415196B9BDC115668373388D693DC747E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Joe Sandbox View:
• Filename: cPl7CoJTBx.exe, Detection: malicious
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                      Entropy (8bit):5.019697132100443
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDhhAlcqgcLg:F/k1ACln4lDkgcLg
                                                                                                                                                                                                      MD5:2CE3043D6FBD62BCBE6948A1E6A789F0
                                                                                                                                                                                                      SHA1:7A5E9BC5A96BD2EC677927FB014073E7CDB70F3B
                                                                                                                                                                                                      SHA-256:C5A4AC8202A0211163938B6306E3A678CC461ED8E283F4C4601748D2E50783A3
                                                                                                                                                                                                      SHA-512:8FCA5216D65C66640541B31E21A7EB18F510C5C0D3420BFF5581337875A6F68DD808F35D61A759A26AAD9AE4F50AA1580E8D90E016D9ACDC5AA2D04CFAAD4377
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                      • Filename: AS6xKJzYJT.exe, Detection: malicious, Browse
                                                                                                                                                                                                      • Filename: cPl7CoJTBx.exe, Detection: malicious, Browse
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):13312
                                                                                                                                                                                                      Entropy (8bit):5.038085765012569
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDA6a9lkOcqgRGd:p/kpMIodrXbsiDC95gRGd
                                                                                                                                                                                                      MD5:0BE007DD183DAF0F4B65E73CF19EA139
                                                                                                                                                                                                      SHA1:272275DA46E02B3C0F856E14F4FB27A0F4B0494E
                                                                                                                                                                                                      SHA-256:F6308DACB781C99D3B962451FC681973808792936690AF6AA7FA5B6DF40F4EAF
                                                                                                                                                                                                      SHA-512:F4F06C03239E262C5500E5E64AB4F8B71BF90EDE3B8157B572BF36F303DAE2D81DB2B063DF30E8D5E555A51B07A42264E19B68D25006BC31B4EA27F3FBE1E023
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                      • Filename: cPl7CoJTBx.exe, Detection: malicious, Browse
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                                                      Entropy (8bit):5.09241379083317
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:rDVsiXeqVb0lIb0Pj5Jdfpm68WZDFnU282tacqgYLg:rD7ali0Pj5JxCaDpUlgYLg
                                                                                                                                                                                                      MD5:1831D77E3247E859A1BD4311637D5D17
                                                                                                                                                                                                      SHA1:730355120C6079AC3B38DD5E7FD0CF656CF604C2
                                                                                                                                                                                                      SHA-256:B04AB30C7AD39D852854AA0CCD9508D213EAA1B1D070B27D3679C1CBB53FAFC6
                                                                                                                                                                                                      SHA-512:5B208AC5C00CAF8C49FA82264308CC1379F1F83391CF6EDDEB1A35BCE6E7459F28CE6ABD5E32229A4CF1D096E05C59C96BE405F061E6883290BD27CC65D2E81E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):36352
                                                                                                                                                                                                      Entropy (8bit):6.5414219614027544
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:m/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxmP:RlcR7JriEbwDaS4j990th9VgBV
                                                                                                                                                                                                      MD5:E306365BDC8D15B2F477E5AF252D0B59
                                                                                                                                                                                                      SHA1:E6461FD5079050D129CD47CD4F6AFA7B632C4314
                                                                                                                                                                                                      SHA-256:2DCAC73EA3240A008D115BAC0EA4D7C65C8162676AB30BCAF7527C22B98B4929
                                                                                                                                                                                                      SHA-512:1B63A9ADCF6A37F601B8E1BD6206EC369A618C81F1C3477301053219DB1DDECC27B5AEB9E7AD7490C7E987BA196884D66E85BB5B7F4DAD43BFFF891310E11945
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):15360
                                                                                                                                                                                                      Entropy (8bit):5.367966872597574
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:QJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bDMJXx03cqg5YUMLgs:Sk1kTMZEjCWNaA2D4x0g5YUMLg
                                                                                                                                                                                                      MD5:973F11DE023C9337F35F9BB55C6154A6
                                                                                                                                                                                                      SHA1:C02FF64D9FC5B8B8590488BBE9658593FC90CA47
                                                                                                                                                                                                      SHA-256:483758336267F8842F5432BB83300EA0FCB49C4E0B29962CBD7F27B1C3DFC56A
                                                                                                                                                                                                      SHA-512:8658ADE868C9D942660361A60C5B4068238B418857BBBD4B1712DE5A146300F435960A75C411E1737E590020644309C92A2DCFDA69A2D6162A4135244A282871
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                                      Entropy (8bit):5.411163759850271
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:a3d9FkHaz0EJvrj+CYuz7ucc9dG7otDrM2KcqgOiewZjW:ekHEJzj+X6769lD1agO/w
                                                                                                                                                                                                      MD5:31F8353B80EA438AA705A7986DF24ED3
                                                                                                                                                                                                      SHA1:3BBA2691BA37884AC5DD6397456EC1D46E2D25C0
                                                                                                                                                                                                      SHA-256:89A51C145166DD24CF83D358ADE292B23F20B94BE783D5FE33A9DA2D7F2C14EB
                                                                                                                                                                                                      SHA-512:8CC35583EF842164A29F23E9A643898C622003654E551DADBBB6DD309017ABD886D2BDC491472B21ED8816B0619A521B70934FD8CD2614BAABC2DADEED237FA6
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):20992
                                                                                                                                                                                                      Entropy (8bit):6.041327291179631
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:CUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8zDBcxgprAM:0NbRzWXwDqgLa1wBfP
                                                                                                                                                                                                      MD5:F86637FA9E2246C36B6FFB90CA83E66C
                                                                                                                                                                                                      SHA1:BA04C29B14B39295CE0C9CE1F1B8444DC7EDF275
                                                                                                                                                                                                      SHA-256:933330BD2D55DE985B45BDD12B99291B4507C830CD6CC9E917CEDD1E49E878EC
                                                                                                                                                                                                      SHA-512:128B6322338C7B262B2BA6155FADC798E6F59011810B7A4501BBBECE19EA20CB857BFD180B0AB727347ACEE651949A45FB4183445293853698B4F42E999C47DA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):24576
                                                                                                                                                                                                      Entropy (8bit):6.530672619544914
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:pEDwUBi9SPu71omZXmrfXA+UA10ol31tuX8YdAgYj:CsUBXmoEXmrXA+NNxWMYfo
                                                                                                                                                                                                      MD5:AC98B10064264B49DE13F66E60CD47B5
                                                                                                                                                                                                      SHA1:C14CA2E042F6FA11135CE824F14A14E3625D1A97
                                                                                                                                                                                                      SHA-256:8621AC7A3E09367BB0C529FDD3D178F20EDFA193FE0D19A02DE424A6BBA45229
                                                                                                                                                                                                      SHA-512:A30EA39A36FC58B888E10F2C4C8B075787B03019C0408F0083D2A6A30707380841E6A6A726ADF5F24013AE5B481D3998541EB3C29F9744DB95D4BD53287835D2
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                      Entropy (8bit):4.7088945967294356
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:EF/1n7Guqaj0ktfEJwX1fYwCOD03lncqg0Gd6l:+GXkJEm1feODaDg0Gd6
                                                                                                                                                                                                      MD5:8D17946E6B1936061203AFE20CDDB5B0
                                                                                                                                                                                                      SHA1:589DAC4D2864FDC0219B0DE3973B2EE0023CD5EA
                                                                                                                                                                                                      SHA-256:BB9898057572F17131BB63D513C19901E29D2E29215F7A93D6D84FA537475F0B
                                                                                                                                                                                                      SHA-512:3354942781E4D36B84D83AB6959707D29F6E25D3614B15A228D63D084F6F2A280BFC9153F24EA0FEF489FA7043E21EB67E4B6D3AD7D073FDE37F6206462F5931
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):12800
                                                                                                                                                                                                      Entropy (8bit):5.159801367034206
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:kZlRgfeqfz0RP767fB4A84D+VD6eDcqgzbkLgmf:jwRj67p84Dm6eVgzbkLgmf
                                                                                                                                                                                                      MD5:606E85B094AE6752E1099A176AA20F09
                                                                                                                                                                                                      SHA1:35E9355CE75B57111D3793502636D5FCD78D34A4
                                                                                                                                                                                                      SHA-256:917FA3438B61CC207D73BD72CDA6C42CD08656A2187FD9CA2860C67C12677238
                                                                                                                                                                                                      SHA-512:19DE7B6C567E997825F2F08773C45A3562BC3980248DE31738395CAFA0306707A82F912A8B9B1DBA440162443E1554E87EF5586776189B763576D9A7ACA9E587
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                      Entropy (8bit):5.270331451319695
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:vrtJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDsVMcqgnF6+6Lg:vrdU1ID3AdXd49urQPDbgnUjLg
                                                                                                                                                                                                      MD5:F3CFD044825E9C08CE37A8034E2ED786
                                                                                                                                                                                                      SHA1:51637C5678AEDF528ADEF8036C53513495FCBB44
                                                                                                                                                                                                      SHA-256:BCBE37F565B91A127E40634DB8E7E1B8B1CE3E1344F3FA082496B93D75435B80
                                                                                                                                                                                                      SHA-512:FD9F8AE46A438138C31408EBF9129DD507A8FD6DC24F24EAE2B2DD8BD90E8B78AFB0AEF82A314CA5566D4D1BB7D166642DD2E7D7EA8E484C0261F623B2C1C15B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):56832
                                                                                                                                                                                                      Entropy (8bit):4.231023773248046
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:EqcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZw21agVF:vEiqHHx4vZTV
                                                                                                                                                                                                      MD5:FE88CD3248814691F951330F780E351C
                                                                                                                                                                                                      SHA1:4DF59A4BC3A3F72BCAADEC80C3326BEBB7D7213E
                                                                                                                                                                                                      SHA-256:BB692D568653FBB9414A050665A94ABB42905AC4343A30ECDC2953C4F840631F
                                                                                                                                                                                                      SHA-512:2E90F8DF00609DDAA14A3174DC844EF8E2D26F49E8A2C086251B0643916C84CC6605CE67C6C5A98753C8095BCC63453F64C7A0AA956547A62B7F82C7487502A6
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):57344
                                                                                                                                                                                                      Entropy (8bit):4.2524132143312645
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:Z4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZWsURygUX:2EO6CHnX0vZn7
                                                                                                                                                                                                      MD5:17DEF19C3094153CC6CF76B7DAA71553
                                                                                                                                                                                                      SHA1:62E1D370F232C9421C9DEDB28DE2078B43D08651
                                                                                                                                                                                                      SHA-256:C20CD1A2A9082551F0F37B87AEDE89BFFDBD02B38BF03D0E73AEBAC3733DCC4D
                                                                                                                                                                                                      SHA-512:E2FBCF2729AB3972B65F35813BCE4E434160C7F798FB2C98088551D055C05ED1D49A8F3BD9D1C522B0D28CD120EB6A4BC9FACFC44674340ADB3FE45AA1FAC292
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                      Entropy (8bit):4.691147079095514
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:Bddz2KTnThIz0qfteRY4zp+DUPLui8p1cqgHCWt:t2E9RqfCXp+DUjuRpLgiWt
                                                                                                                                                                                                      MD5:4DB0AC98329AE64CEC9C28570AF52968
                                                                                                                                                                                                      SHA1:8F7D327C1049C27B0DF6BC6C2017CC302BA99A10
                                                                                                                                                                                                      SHA-256:5A43E3809403668ED6C6F17A71828EB8CD0DCB64AFC09B815A4B9F05C3661714
                                                                                                                                                                                                      SHA-512:515E0B972A644620C27B3C074AEE62B8BA5AA679B0E1C936F616C5537A83C7CA762B7A6C7ACC3279AB235D1D344DB9423CDC1ABF7C72775D4BBFB2CB24CBF6B9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):22016
                                                                                                                                                                                                      Entropy (8bit):6.121802927133552
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:0UX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8mJCkgJrAm:KNbRw8EbxwKBwbD+gLa1ch
                                                                                                                                                                                                      MD5:257E449799177D7F43EB1B8ED6180C1C
                                                                                                                                                                                                      SHA1:E023424CCBDCE4EF3CC5D0A723FE2D2E02363CAB
                                                                                                                                                                                                      SHA-256:8425C2E412045DA204419B41D80D6538636F13FD187F7F8A259F29F5380A2536
                                                                                                                                                                                                      SHA-512:944070BD07EDB03BC8EC599D26D3B182F27A71DA2DB1C79CA01914F5637AE1BB9C47E0F2D56C8FC1433E325C1BAF903E330BE123C0CB36E6F355FF5DB649D9FA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):17920
                                                                                                                                                                                                      Entropy (8bit):5.293998683514664
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:XPHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgD93iNgnVbwhA:iUOhBcDRogeXOfoTezcio3pUJgD93i+
                                                                                                                                                                                                      MD5:ED75912A048CA3C2E0FE8E7307559347
                                                                                                                                                                                                      SHA1:BB0998846468A91A5FB6D9725439C2F62E02CC21
                                                                                                                                                                                                      SHA-256:EB1085A28631FE3C8B3350B19DDDC5C2EAF9B2CBF1C578FDFBF6B72FDF0B909C
                                                                                                                                                                                                      SHA-512:C04F62F57E0395EC731180F6CE9568A35C00BE51AE172F2F6EEE4D9D6726F5BDC41A55E8043D596E9724CCEE00F861F349E3F787FC3C1B5ADB47F8C194A23FB1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):11776
                                                                                                                                                                                                      Entropy (8bit):4.86291799390376
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:ra+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDCLk+VOmWbucX6gRCk:dF/1n7Guqaj0ktfEON+bMDClJcqg0Gd
                                                                                                                                                                                                      MD5:DAE7F4DD6792FB84C91BD45D44ED6C96
                                                                                                                                                                                                      SHA1:A88EB81D4D72ADC4C7F7402338F9D5760957EFC3
                                                                                                                                                                                                      SHA-256:01EB2117F0223F0447CD16B5EC79BAF3430871DA8EF461404BA13592D2E8A89C
                                                                                                                                                                                                      SHA-512:66E98AE82073ABB24E9053203F41CEBB4AC30A461FE2A62BAA1190970E1BE7567F495914E017EC94B6B911BAB721E63A7FF2D1D85E29D5824AB3D9BC9FB9FCE4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                                                      Entropy (8bit):5.227344334667063
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:7aF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDi4clG6VcqgOvgdd:7wGXkFE8Zo+AojO9jZeD85rgOvgz
                                                                                                                                                                                                      MD5:607DD619A4BBB03D587D5D4C6A145B25
                                                                                                                                                                                                      SHA1:CC3024641B61EB3F8DB9BFBC3CEA72EAA2F58FE3
                                                                                                                                                                                                      SHA-256:944598CCCB552A1E00DBD3915F11BAB5E38E8B1AE2ADC05BCDEAED42F28723FC
                                                                                                                                                                                                      SHA-512:C3C2B22377747CD9A8F19218A048EA55523AE384EAD43492662D1DDB54281E0AF8E2C34B815CD4AFA96A65CF407DE89745B1E74A5830FEA19F3B9500A0086C0D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                      Entropy (8bit):5.1766092054656285
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:yF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreDLmf1AoxkVcqgOvgXQ:IGXkFE/UW575tA2eDy1Ao2rgOvgX
                                                                                                                                                                                                      MD5:1DEE6707A941E02202A47C58408ED538
                                                                                                                                                                                                      SHA1:511387A5A611119BA81377931DA5A8DA5C429B78
                                                                                                                                                                                                      SHA-256:4E76A0BE3E295571172CF1D06DBCC48F715357BB496D8567D9376667326FA5EF
                                                                                                                                                                                                      SHA-512:F29063D04151C9DF75CA2C138FBA5F9E4DA551F0FDFA7A8A83390DF0DCDE064038BA87EEC4C852A87D80CEF0DC38306AED1121D06A6B337E4CC722E4057C432A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                                                      Entropy (8bit):5.0474332549987055
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:HalCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHDgCIg5kP:gCvHmp3OpnEhmLg9yH8puzoFaPERIQg1
                                                                                                                                                                                                      MD5:B75BE9023BA98415A8ED687A4115B0C9
                                                                                                                                                                                                      SHA1:860ADADC887580255B0C9580392AF7CA8155D7A6
                                                                                                                                                                                                      SHA-256:3E04C68EBF4834B8F9CCD1AFD29302E2D76B03874D8611BBD6E8750CD18AA317
                                                                                                                                                                                                      SHA-512:7B566F523635EA0D7082D564A4E13EEFC254D1A6DC27593FB79DF2E76C95BC24E3CF4637C19505BD709BF44D5110666C1373C9936F5A84ED51D86093F2F2188A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                      Entropy (8bit):5.099563420082932
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:hsiXeqVb0lwbH4P01sAD7I/9hAkwDmzBEbcqgqLg:/alqH4M1sAD7KvpwDVtgqLg
                                                                                                                                                                                                      MD5:B0A744729C904B9955D580A919AF5F28
                                                                                                                                                                                                      SHA1:04B9346C7935945EF796BE8A46304F43162C6C02
                                                                                                                                                                                                      SHA-256:D2341DA9A7EE7D88CDD61FB008A2F5D66D386129DCA52B60745B9A6FC996A428
                                                                                                                                                                                                      SHA-512:F1D42900B7108AD2A82DC13BB9605972873EAE000C76BFDFAAA338A634DB114E4893642CBB532D9DA1C5FA762833ACCA3F6F287E4D379515452600A4A3591679
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):15360
                                                                                                                                                                                                      Entropy (8bit):5.45178953834791
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:XfwogDHER1wuiDSyoGTgDcOviNgEPrLg:vgDHELwuiDScTgDBi+EP
                                                                                                                                                                                                      MD5:0D56F87EED6685569C363CD7B482FF0E
                                                                                                                                                                                                      SHA1:10EC6EA5D10CB98312B463E681C71A69CB529B11
                                                                                                                                                                                                      SHA-256:88E5A5508C7F672D130C2BAD89A892670967A8DF9B07DC479C37E00D3A23F8FF
                                                                                                                                                                                                      SHA-512:CA8C6B60377706D4BBF6FFD1AEAB7BCE36350CC92E9E1EEF0F7C1096A435745CB96E2518CC99DD03859CA2377B434A6D443054C30A7E563E0B6DAE8E7470CBAD
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                      Entropy (8bit):5.10501678535697
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:lF/1n7Guqaj0kt7/Ev9kt0Qwac6QzD+iD0QocqgI4G0S:RGXkd/EvGt9wacNDJAgI4v
                                                                                                                                                                                                      MD5:3CF2B33DB41381691EF10E43AC6D9C74
                                                                                                                                                                                                      SHA1:F6EFDF5534BA86A8EF47B6499D85F618CEB93824
                                                                                                                                                                                                      SHA-256:C0FC3EB011753C30C79A6AA6982BF764174449E12BFEEACF475E42249EFAA218
                                                                                                                                                                                                      SHA-512:C47B5BF98798770029A49ABC1249916C5CB76119C0EF31E770D82813D084A57292B087133EE1CF025DF9A977B647A48EDDFAE2246E045CB2ACBCC71ACD57134A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):17920
                                                                                                                                                                                                      Entropy (8bit):5.67112951018799
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:DPHoDUntQj0sKhDOJ+0QPSfu6rofDciZzgE+kbwb:mUOYsKNO466DcoUE+
                                                                                                                                                                                                      MD5:2EFA942A436CA17562FB49BB66ACDCC4
                                                                                                                                                                                                      SHA1:50B2841914E9A1237AC29C7A681F0951C03D59A4
                                                                                                                                                                                                      SHA-256:4810A6392848B3FF20D67A531A26DAAF2E1F2FE37CF61C0245D24CB0FA00177D
                                                                                                                                                                                                      SHA-512:BAD96C34D318B975330F720B422C758DDC91AE6AB34B873F9A68F060F52552939654AC7A78D49EA787D7F182E293C604F772BEA9E027D0159A43C9F06957D392
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):21504
                                                                                                                                                                                                      Entropy (8bit):5.878788018845523
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:VJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1O2gkxEv:VcIRnHX1P/YtswvaD1Qk
                                                                                                                                                                                                      MD5:5CB71342E09FAA10F9C4B55E56746DEB
                                                                                                                                                                                                      SHA1:E1F5F0225CE90F3FAC8A3BC7898A18F145A15317
                                                                                                                                                                                                      SHA-256:30EB7E9CB9ECC84A424864E20B01EBA47ECB7E8597A83244C35798A1AB75F2E3
                                                                                                                                                                                                      SHA-512:5E5A154FB41E969021974889B1D5B5D657464D9B3C94AABA6F3DF74424934DA9D02786B242A6781257BF148198CE352B1851E46612BBD4C112B6677DB874BD08
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):21504
                                                                                                                                                                                                      Entropy (8bit):5.881719483503825
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:mJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD1IgkxEv:mcIRnHXfP/YtswvaD1tk
                                                                                                                                                                                                      MD5:15E2C2434668D1648D9147156B0A44C6
                                                                                                                                                                                                      SHA1:BEA635ADFD889381CC324D2612606E409518261D
                                                                                                                                                                                                      SHA-256:EBEE833D40ED09ABCCFF1F415B4A4CB1EC6F8D84431067980B09A36450EDB9F8
                                                                                                                                                                                                      SHA-512:197818202B07F97DC370F456A1F59A5210C8AF7E8221D6E0BBF8A96E8190668DD29D353BFFB0F833FC622B8F797558708446CDDE7A062ECD8C66D67B87262445
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):26624
                                                                                                                                                                                                      Entropy (8bit):5.837967098997982
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:C839Cc4itui0gel9soFdkO66MlPGXmXcyYDTHks:Zs4u/FZ6nPxMLDzk
                                                                                                                                                                                                      MD5:BEF2C0DD6DFB0C99F49681520FAC9C29
                                                                                                                                                                                                      SHA1:A97FD9EBA05C3D5B14839A1BEFC34C72D407FD2D
                                                                                                                                                                                                      SHA-256:DD8B11D83208286EC46A4698EE57AA354BFA2B6EEBDD97245D49007304439884
                                                                                                                                                                                                      SHA-512:D5C1CE51A6AA8455987ED5FC7B6511B373569D71EB14662C1E452D5279D44FAB3AECE9CA763B41C34CA350F4C4E18F8378EA513091B348BD745490233C60338B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):26624
                                                                                                                                                                                                      Entropy (8bit):5.895432566171149
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:4cX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTxvk:338u/FZ6nPxM3D9k
                                                                                                                                                                                                      MD5:D6D6E9C22ED2A06562D4D6D4A43F7FE7
                                                                                                                                                                                                      SHA1:773F848975F6ABA43618D65EC518FA9B62CD4DC1
                                                                                                                                                                                                      SHA-256:CF97616BF0CB1EEEC2906FE47CF219332EE697C43A2F2E4D0E67DA40360C1ADE
                                                                                                                                                                                                      SHA-512:B4C1F45A74B966FF1E047B0B0E429204CDA6E033B0923BCAF78959AE2974D71F6C6B25E598A4770C30EAE46738C90C3C455759EF63CE1867DC0229A167DD7256
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):12800
                                                                                                                                                                                                      Entropy (8bit):4.967920497161766
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:dUWt/1nCuqaL0kt7TsEx2fiTgDFqGF0T7cqgkLgJ:c/k1Ts64DDVyBgkLg
                                                                                                                                                                                                      MD5:26798493D96B2B2CB9601C0708595B84
                                                                                                                                                                                                      SHA1:CEC50F2D5D38E3410F1FFE1546A08BE35847B198
                                                                                                                                                                                                      SHA-256:84E5F449D863E2801C93C84648AB18C078FE52D75CE4309632AFC295081AB5E8
                                                                                                                                                                                                      SHA-512:3F8F3BB54CD0755CCCD4CF6E8ED29C2D0F1C10BAEB6A0E58D6DB51F5A5A442D653114EB2AC8EE78833E26F71275602F0B3B0E06C333B22BB45C1D2E7A70F278C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):13312
                                                                                                                                                                                                      Entropy (8bit):5.007946351080744
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:gt/1nCuqaL0ktPH0T7fwtF4zDD2rGacqgRGd:N/kpU3Yv4zDLqgRGd
                                                                                                                                                                                                      MD5:BEA27CB11A8529D6AD11373531E5222F
                                                                                                                                                                                                      SHA1:74B61DA8FD39F03136B4FAD7FAA7E5A1EA7C1116
                                                                                                                                                                                                      SHA-256:1EB72BD49457080CE1432EB28E85134D7BD4344BCCD9357839ACBBFA9236B868
                                                                                                                                                                                                      SHA-512:49FEC85D5853DDB352ABC93BE6CAB3C42F2A3DBCDF32A90FE7FFF6E5BF378514C594328C7845F892508C8301F8224F7A6A26F44458A6A9EBC59D99B7CCEF8F4B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):15872
                                                                                                                                                                                                      Entropy (8bit):5.22636430845807
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:FfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDIYIgovg:YcHfRl5pauoSjy5DIE
                                                                                                                                                                                                      MD5:7F4AFB84A7F42103E1AD2FB97F01B924
                                                                                                                                                                                                      SHA1:19A74E979422911557F4E1A04ED8D1E64840B5CD
                                                                                                                                                                                                      SHA-256:FCB30E2A27EDD1410A6D7D2DE29DC194E70A5DC4F54B705E6BBA9E6E7AF411DD
                                                                                                                                                                                                      SHA-512:EF50B41D44FBC886CA27A1FB70EB9F7C7BFF2C659A90C893E1930C6525B39E1E40045176A57745EABC2E4503F353E65CC5D9C1899F25E5793EA26E353356AD5A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                      Entropy (8bit):5.261897747374345
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:XZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cDz6WGcqgFjLg:iI4IHHaQfSVnCZyDvmgFjLg
                                                                                                                                                                                                      MD5:F6388659B3203E6ACCF2B317382162B6
                                                                                                                                                                                                      SHA1:F3DBFF5935B069E9256A20B8B7B49AB203602C67
                                                                                                                                                                                                      SHA-256:07EF9E9C2D43342000E048AB8F4ECB92A9298B32AC1D2D0ACD90501350EDA7D5
                                                                                                                                                                                                      SHA-512:B2C2CE460D4F8F91AD4EF3C36D6E3B8E65BAA1B5F2B9A7BFDB4D400F0467BA1A4C827AD4A344F5C4A5DC0DA61AA226C8ABF27DBBFF8DC791F085C9F25F504471
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):36352
                                                                                                                                                                                                      Entropy (8bit):5.913982056265063
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:qspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSj:6Y44UagH6cAFCLUSYpMg3YDzPo5/G9G
                                                                                                                                                                                                      MD5:7376120CC8C5E3BA94CD453A464F96A2
                                                                                                                                                                                                      SHA1:E6D3D75AEBFE144EBD5D894BB54D1D272B76D92E
                                                                                                                                                                                                      SHA-256:D1AD22734319F91CC9D3002884C1EEA79107F4E2D2D21B0CBE22F33AE73E4DD1
                                                                                                                                                                                                      SHA-512:E02F2081E4BC87D572127DBBD97F1CB6933F37424B5FD5AC6F3149250BE5128525A9D92057E1C605990B710A6C2F20389D24F24569E14D51FDC2B4615D97D6BC
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                      Entropy (8bit):4.735395385607169
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:rcsC3eqv6b0q3OQ3rHu5bc64OhDXI/p3cqgONLg:rmHq3jHuY64OhDGJgONLg
                                                                                                                                                                                                      MD5:308C6E862A3554F1B5587D003F4B1BBF
                                                                                                                                                                                                      SHA1:800955D3A24065766E5825C8324B7F48CD02F073
                                                                                                                                                                                                      SHA-256:671AAD8B7FAE31E076DF50C947CD198369EEA6379E6FA1B058596E528F5DA561
                                                                                                                                                                                                      SHA-512:35B27A6320A8046F7E7BC42B9AF8414B076F5334467576A0E83C6D7992EC3675F73CF0FC72AE6DA402FF70DD16FCC0C29287AB27AD04BB346D5229D62DEB54A5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):22528
                                                                                                                                                                                                      Entropy (8bit):5.7058009726968155
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:b9BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDmFSegqrA:TcRy38J+9dmvufFtaGDH
                                                                                                                                                                                                      MD5:63E585DC95B65FAE903369EFC94B35F4
                                                                                                                                                                                                      SHA1:F03B387DD3AAA943F84C4507B191FCF9FD1C5D2A
                                                                                                                                                                                                      SHA-256:DD3B3B23C388C4D6956C1572EA153DF62B02BA6AD7C5632D9254B0D091400E2E
                                                                                                                                                                                                      SHA-512:AFFA8FF13561ED69D47A873220B482E4AD09766338ECBF5E8A9DC4C5E95D22613BD5B70119218295096C5B54351AACE4A437173D5E99D8D000ADD726019D4DA3
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):70656
                                                                                                                                                                                                      Entropy (8bit):6.019125929952969
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:+fju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXja:CXRMgWiEDZiECgd/iwOXUQdbhov0Clb1
                                                                                                                                                                                                      MD5:81EA717DAABBE21EA84BCA3E947C1557
                                                                                                                                                                                                      SHA1:B98EE93811A9A262E4197D13DDB78441A90CCBB3
                                                                                                                                                                                                      SHA-256:A12601F82A9C3C92552B1A80D310C7922ABE9A03BB58ACDB749216FA5EFC6D51
                                                                                                                                                                                                      SHA-512:126E7DFC828A39A37F72C989566FAF4E5E2842C46D47B77DC74E10D1E88ED5B7FB1011C93C13FF474F824EC8222A25305A55961408AD96EECBCD3A57D2EAB721
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):770560
                                                                                                                                                                                                      Entropy (8bit):7.613225426906836
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12288:WtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:WtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                      MD5:6E423574D805A2A8D0FCF599B3DB13E8
                                                                                                                                                                                                      SHA1:551D39DCC40A2049B7668DFF28A61949AB23C11A
                                                                                                                                                                                                      SHA-256:4372D02096FEB267F131F35644E902E19FB4BA6CE6CBDEF5E42D06BA78C0C74F
                                                                                                                                                                                                      SHA-512:67CF163D73C7E81ECCEE9F00ED698BA9C3DD2CBB3F7F5E81C740210ED37773F6820879F1BE528B5AC3D16969895EF18293BE194860C34CFED527065EBF966BDA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):26112
                                                                                                                                                                                                      Entropy (8bit):5.855495726605704
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:2czadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2aRQNgQQ77k:vudRf2MuMJ+9dmv8aea34taLDDfQ
                                                                                                                                                                                                      MD5:6B1383F534E7DAFB5C02F126AB34CE06
                                                                                                                                                                                                      SHA1:4D00AE8BBB2B2EB7618CFA8854E99EE359F73556
                                                                                                                                                                                                      SHA-256:D620E2F1FB049A5B8094E47F3CB2D790E11D9FEC68939323727D5ED52BF93170
                                                                                                                                                                                                      SHA-512:724496B47EA52AAF1E3D2A8F00BCA4948DB36F32F29950A4DDE96D53DA12AAD61FDF53DB9E97DB8676A5C52499BE912F2AB0F47D9FC2764DB5F2FCECC1329612
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):84992
                                                                                                                                                                                                      Entropy (8bit):6.064765416588426
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:/rYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKk:/r4vxcZeLrIeN1TvHsuP45yAqVDK9agR
                                                                                                                                                                                                      MD5:11B6F5FD2BDB4F885D9A46E8F3424AC8
                                                                                                                                                                                                      SHA1:E019D39543FCB9C25179CC73D79877749D7ADD7E
                                                                                                                                                                                                      SHA-256:1B392561C21E555E78CEF0F823C682E2892C751FE7DA51C3137BAA87B2EE5223
                                                                                                                                                                                                      SHA-512:6C3A9751656FEA10A690DEC29130B910E8ADD7CC6B547A053E1FBA64604F768D5719258AA96E49CA08669080ADA64FF668F7135D458906E7B58C4473F45AF098
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                      Entropy (8bit):4.67646605814196
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:f0QRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDeqf4AZaRcX6gnO:5ddz2KTnThIz0qfteRIDxRWcqgnCWt
                                                                                                                                                                                                      MD5:690FC8D8423EE69C662F11CD6406CEF1
                                                                                                                                                                                                      SHA1:A0B78AF3BC976C8AAFA1FE80EF71F22D4BF7080B
                                                                                                                                                                                                      SHA-256:BD597E5853A3F2CAD1D4E5743170A66383BE18D215F8F83BE2A473736EE28718
                                                                                                                                                                                                      SHA-512:B08DD641AEF8C663174C4AD436915FFC4C4AFB70B8A9719F535F1F99B7B29240A0C8951E19F3348C010DAD3000B6B5173B1DEF077EC6D96BB8A3D3E9BE339A40
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                      Entropy (8bit):4.625951827424241
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:fyipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDeZqYNIfcX6gHCWx:Hddz2KTnThIz0qfteR5DewYkcqgHCWt
                                                                                                                                                                                                      MD5:174B652C8E6C40C36C8AB06A20A34C01
                                                                                                                                                                                                      SHA1:F3CB9321100DCE3A8D79B0FC517CC58E05D26E41
                                                                                                                                                                                                      SHA-256:42AF8D99FC975720585D25D767FC825D4922C088B6C2B13EE2DE23E439523610
                                                                                                                                                                                                      SHA-512:9F0C444069E477A043C85F606BF1A3FB695773DBC16D1124A4B2D771EA0385B797552031433CB625D7DC9C8D490EB0EF8FA2C13AA628EBBA58DF6A0530913F32
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):119192
                                                                                                                                                                                                      Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                      MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                      SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                      SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                      SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):71448
                                                                                                                                                                                                      Entropy (8bit):6.247581706260346
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:rRaPPkDN3nkiP6djtX5IkTIL1yUvGJtIAOnT7SyqWx5:9anmN3nkikjV5IkTIL1yUuJtIAOnTgi
                                                                                                                                                                                                      MD5:209CBCB4E1A16AA39466A6119322343C
                                                                                                                                                                                                      SHA1:CDCCE6B64EBF11FECFF739CBC57E7A98D6620801
                                                                                                                                                                                                      SHA-256:F7069734D5174F54E89B88D717133BFF6A41B01E57F79957AB3F02DAA583F9E2
                                                                                                                                                                                                      SHA-512:5BBC4EDE01729E628260CF39DF5809624EAE795FD7D51A1ED770ED54663955674593A97B78F66DBF6AE268186273840806ED06D6F7877444D32FDCA031A9F0DA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):84760
                                                                                                                                                                                                      Entropy (8bit):6.5874715807724025
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:RS7z7Sj2u5in5IVfC83zYxzbdK87kW1IACVw7SyrxX:I7z+jum3MJdN7kW1IACVwX
                                                                                                                                                                                                      MD5:59D60A559C23202BEB622021AF29E8A9
                                                                                                                                                                                                      SHA1:A405F23916833F1B882F37BDBBA2DD799F93EA32
                                                                                                                                                                                                      SHA-256:706D4A0C26DD454538926CBB2FF6C64257C3D9BD48C956F7CABD6DEF36FFD13E
                                                                                                                                                                                                      SHA-512:2F60E79603CF456B2A14B8254CEC75CE8BE0A28D55A874D4FB23D92D63BBE781ED823AB0F4D13A23DC60C4DF505CBF1DBE1A0A2049B02E4BDEC8D374898002B1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):182784
                                                                                                                                                                                                      Entropy (8bit):6.193615170968096
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:YRAMUp3K6YoDssyudy4VcRG+nR3hnW3mjwwOdkS9S7iSSTLkK/jftw3buz:Y6MyK65ssy+MG+LnSUwjD9zSSTLL/jl8
                                                                                                                                                                                                      MD5:0572B13646141D0B1A5718E35549577C
                                                                                                                                                                                                      SHA1:EEB40363C1F456C1C612D3C7E4923210EAE4CDF7
                                                                                                                                                                                                      SHA-256:D8A76D1E31BBD62A482DEA9115FC1A109CB39AF4CF6D1323409175F3C93113A7
                                                                                                                                                                                                      SHA-512:67C28432CA8B389ACC26E47EB8C4977FDDD4AF9214819F89DF07FECBC8ED750D5F35807A1B195508DD1D77E2A7A9D7265049DCFBFE7665A7FD1BA45DA1E4E842
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):125208
                                                                                                                                                                                                      Entropy (8bit):6.128664719423826
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:DGR936Xz4mHFK0K+bRFOoP+Szlf/EZZBKYyucV6rOoZIALPEA:qQHLK+bvvPNhf/Ei6CoX
                                                                                                                                                                                                      MD5:2A834C3738742D45C0A06D40221CC588
                                                                                                                                                                                                      SHA1:606705A593631D6767467FB38F9300D7CD04AB3E
                                                                                                                                                                                                      SHA-256:F20DFA748B878751EA1C4FE77A230D65212720652B99C4E5577BCE461BBD9089
                                                                                                                                                                                                      SHA-512:924235A506CE4D635FA7C2B34E5D8E77EFF73F963E58E29C6EF89DB157BF7BAB587678BB2120D09DA70594926D82D87DBAA5D247E861E331CF591D45EA19A117
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):252696
                                                                                                                                                                                                      Entropy (8bit):6.564448148079112
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:Agvd9YyMipyD41q8xDiw9qWM53pLW1AQRRRrBoZtcr3:AQ8yryD47hix4orcr3
                                                                                                                                                                                                      MD5:F930B7550574446A015BC602D59B0948
                                                                                                                                                                                                      SHA1:4EE6FF8019C6C540525BDD2790FC76385CDD6186
                                                                                                                                                                                                      SHA-256:3B9AD1D2BC9EC03D37DA86135853DAC73B3FE851B164FE52265564A81EB8C544
                                                                                                                                                                                                      SHA-512:10B864975945D6504433554F9FF11B47218CAA00F809C6BCE00F9E4089B862190A4219F659697A4BA5E5C21EDBE1D8D325950921E09371ACC4410469BD9189EE
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):65816
                                                                                                                                                                                                      Entropy (8bit):6.242741772115205
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:MElYij3wz91lBafLEmIRhtIAOIW7SybpxC:hYZBaTEmghtIAOIWE
                                                                                                                                                                                                      MD5:B0262BD89A59A3699BFA75C4DCC3EE06
                                                                                                                                                                                                      SHA1:EB658849C646A26572DEA7F6BFC042CB62FB49DC
                                                                                                                                                                                                      SHA-256:4ADFBBD6366D9B55D902FC54D2B42E7C8C989A83016ED707BD7A302FC3FC7B67
                                                                                                                                                                                                      SHA-512:2E4B214DE3B306E3A16124AF434FF8F5AB832AA3EEB1AA0AA9B49B0ADA0928DCBB05C57909292FBE3B01126F4CD3FE0DAC9CC15EAEA5F3844D6E267865B9F7B1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):159512
                                                                                                                                                                                                      Entropy (8bit):6.846323229710623
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:Fik7me1FFD+znfF9mNo+Mu6tmxzE41IAZ1Ak:FikSiUNYO+J1E4b
                                                                                                                                                                                                      MD5:B71DBE0F137FFBDA6C3A89D5BCBF1017
                                                                                                                                                                                                      SHA1:A2E2BDC40FDB83CC625C5B5E8A336CA3F0C29C5F
                                                                                                                                                                                                      SHA-256:6216173194B29875E84963CD4DC4752F7CA9493F5B1FD7E4130CA0E411C8AC6A
                                                                                                                                                                                                      SHA-512:9A5C7B1E25D8E1B5738F01AEDFD468C1837F1AC8DD4A5B1D24CE86DCAE0DB1C5B20F2FF4280960BC523AEE70B71DB54FD515047CDAF10D21A8BEC3EBD6663358
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):35096
                                                                                                                                                                                                      Entropy (8bit):6.461229529356597
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:OgYvrenSE0PXxxQ0zi+mdIAWtd5YiSyviCAMxkEj:vYTQShxQ0zlmdIAWtD7SyKAxv
                                                                                                                                                                                                      MD5:4CCBD87D76AF221F24221530F5F035D1
                                                                                                                                                                                                      SHA1:D02B989AAAC7657E8B3A70A6EE7758A0B258851B
                                                                                                                                                                                                      SHA-256:C7BBCFE2511FD1B71B916A22AD6537D60948FFA7BDE207FEFABEE84EF53CAFB5
                                                                                                                                                                                                      SHA-512:34D808ADAC96A66CA434D209F2F151A9640B359B8419DC51BA24477E485685AF10C4596A398A85269E8F03F0FC533645907D7D854733750A35BF6C691DE37799
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):55576
                                                                                                                                                                                                      Entropy (8bit):6.342203411267264
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:wXRnts3McbN6w/xzWssXZdR1r3RIAXtI7SyNxQ:IRvcsXZdR1rRIAXtI6
                                                                                                                                                                                                      MD5:61193E813A61A545E2D366439C1EE22A
                                                                                                                                                                                                      SHA1:F404447B0D9BFF49A7431C41653633C501986D60
                                                                                                                                                                                                      SHA-256:C21B50A7BF9DBE1A0768F5030CAC378D58705A9FE1F08D953129332BEB0FBEFC
                                                                                                                                                                                                      SHA-512:747E4D5EA1BDF8C1E808579498834E1C24641D434546BFFDFCF326E0DE8D5814504623A3D3729168B0098824C2B8929AFC339674B0D923388B9DAC66F5D9D996
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):32536
                                                                                                                                                                                                      Entropy (8bit):6.4674944702653665
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:0k+cae6rjp5MoNOfZIAQUM5YiSyvjAMxkEKu:5vSjgoNOfZIAQU27SyLxv
                                                                                                                                                                                                      MD5:F3ECA4F0B2C6C17ACE348E06042981A4
                                                                                                                                                                                                      SHA1:EB694DDA8FF2FE4CCAE876DC0515A8EFEC40E20E
                                                                                                                                                                                                      SHA-256:FB57EE6ADF6E7B11451B6920DDD2FB943DCD9561C9EAE64FDDA27C7ED0BC1B04
                                                                                                                                                                                                      SHA-512:604593460666045CA48F63D4B14FA250F9C4B9E5C7E228CC9202E7692C125AACB0018B89FAA562A4197692A9BC3D2382F9E085B305272EE0A39264A2A0F53B75
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):83224
                                                                                                                                                                                                      Entropy (8bit):6.338326324626716
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:MUuhDLiJfz76Xl+1ly+uCt9/s+S+pzcHS58/n1IsJHfsZIALwqw7Syraxi:MU6DL4fHdy+uCt9/sT+pzuSQ1IwHfsZS
                                                                                                                                                                                                      MD5:9C6283CC17F9D86106B706EC4EA77356
                                                                                                                                                                                                      SHA1:AF4F2F52CE6122F340E5EA1F021F98B1FFD6D5B6
                                                                                                                                                                                                      SHA-256:5CC62AAC52EDF87916DEB4EBBAD9ABB58A6A3565B32E7544F672ACA305C38027
                                                                                                                                                                                                      SHA-512:11FD6F570DD78F8FF00BE645E47472A96DAFFA3253E8BD29183BCCDE3F0746F7E436A106E9A68C57CC05B80A112365441D06CC719D51C906703B428A32C93124
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):177432
                                                                                                                                                                                                      Entropy (8bit):5.976892131161338
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:1CRW4ljuyKK8vZktW5No6XfJN54eNWXvM4VRJNI7IM/cbP7RHs3FJZ1IAC7+y:1mfEyKKaZo6XfJ2MSV+JZW
                                                                                                                                                                                                      MD5:DDB21BD1ACDE4264754C49842DE7EBC9
                                                                                                                                                                                                      SHA1:80252D0E35568E68DED68242D76F2A5D7E00001E
                                                                                                                                                                                                      SHA-256:72BB15CD8C14BA008A52D23CDCFC851A9A4BDE13DEEE302A5667C8AD60F94A57
                                                                                                                                                                                                      SHA-512:464520ECD1587F5CEDE6219FAAC2C903EE41D0E920BF3C9C270A544B040169DCD17A4E27F6826F480D4021077AB39A6CBBD35EBB3D71672EBB412023BC9E182A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):36632
                                                                                                                                                                                                      Entropy (8bit):6.357254511176439
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:6cxnHG7MYGQd0hHdzA77yeu1IACis5YiSyvoAMxkE9:6cxnm7M6dAHdzA77yeu1IACiW7Sy+xx
                                                                                                                                                                                                      MD5:C1654EBEBFEEDA425EADE8B77CA96DE5
                                                                                                                                                                                                      SHA1:A4A150F1C810077B6E762F689C657227CC4FD257
                                                                                                                                                                                                      SHA-256:AA1443A715FBF84A84F39BD89707271FC11A77B597D7324CE86FC5CFA56A63A9
                                                                                                                                                                                                      SHA-512:21705B991E75EFD5E59B8431A3B19AE5FCC38A3E7F137A9D52ACD24E7F67D61758E48ABC1C9C0D4314FA02010A1886C15EAD5BCA8DCA1B1D4CCBFC3C589D342E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1332263
                                                                                                                                                                                                      Entropy (8bit):5.5864610174712706
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12288:uttcY+bStOmgRF1+fYNXPh26UZWAzCu7joqYnhjtgkV+dmmPHHz1dF6sF7aYcea:uttcY+UHCiCAd+mq+dmmPnz4waYcea
                                                                                                                                                                                                      MD5:0CD72BCBFCA52707A1FD52F6038B6020
                                                                                                                                                                                                      SHA1:BBEA1763F250143804905F719D88ED2710C23DB3
                                                                                                                                                                                                      SHA-256:66FD3CE5401FEAC826504CEB1BBF3AF3E8B41702BBA03A6C91289DF59228C368
                                                                                                                                                                                                      SHA-512:4FB8F17EA900B243BCD1042E5300238E7D1B03FA2B74E3F4FFABA9B6A181BF6F81A6903B816BA524B9AFB78586A9C6167ACC4071CF009ED5FF4EF295B06FB96B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):292541
                                                                                                                                                                                                      Entropy (8bit):6.048162209044241
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5NF:QWb/TRJLWURrI55MWavdF0D
                                                                                                                                                                                                      MD5:D3E74C9D33719C8AB162BAA4AE743B27
                                                                                                                                                                                                      SHA1:EE32F2CCD4BC56CA68441A02BF33E32DC6205C2B
                                                                                                                                                                                                      SHA-256:7A347CA8FEF6E29F82B6E4785355A6635C17FA755E0940F65F15AA8FC7BD7F92
                                                                                                                                                                                                      SHA-512:E0FB35D6901A6DEBBF48A0655E2AA1040700EB5166E732AE2617E89EF5E6869E8DDD5C7875FA83F31D447D4ABC3DB14BFFD29600C9AF725D9B03F03363469B4C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                      Entropy (8bit):4.817893239381772
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:MRv9XFCk2z1/t12iwU5usJFcCyD9cqgE:aVVC5djuUFJKtgE
                                                                                                                                                                                                      MD5:71D96F1DBFCD6F767D81F8254E572751
                                                                                                                                                                                                      SHA1:E70B74430500ED5117547E0CD339D6E6F4613503
                                                                                                                                                                                                      SHA-256:611E1B4B9ED6788640F550771744D83E404432830BB8E3063F0B8EC3B98911AF
                                                                                                                                                                                                      SHA-512:7B10E13B3723DB0E826B7C7A52090DE999626D5FA6C8F9B4630FDEEF515A58C40660FA90589532A6D4377F003B3CB5B9851E276A0B3C83B9709E28E6A66A1D32
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):124928
                                                                                                                                                                                                      Entropy (8bit):5.935676608756784
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:BETt3OiaqGB7QNX6Pq4a461TDqFRgMzrOH+d3gdy2iIeP/j3bhouROm:Bmt+is7QNqP1ab1TGb9g/iI4bhouROm
                                                                                                                                                                                                      MD5:D8F690EAE02332A6898E9C8B983C56DD
                                                                                                                                                                                                      SHA1:112C1FE25E0D948F767E02F291801C0E4AE592F0
                                                                                                                                                                                                      SHA-256:C6BB8CAD80B8D7847C52931F11D73BA64F78615218398B2C058F9B218FF21CA9
                                                                                                                                                                                                      SHA-512:E732F79F39BA9721CC59DBE8C4785FFD74DF84CA00D13D72AFA3F96B97B8C7ADF4EA9344D79EE2A1C77D58EF28D3DDCC855F3CB13EDDA928C17B1158ABCC5B4A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):5724
                                                                                                                                                                                                      Entropy (8bit):5.120429897887076
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:DlkQIUQIhQIKQILbQIRIaMPktjaVMxsxA2ncEvGDfe0HEdwGArNZG0JQTQCQx5Kw:dcPuPwsrcEvGDfe0HENA5w0JQTQ9x59H
                                                                                                                                                                                                      MD5:526D9AC9D8150602EC9ED8B9F4DE7102
                                                                                                                                                                                                      SHA1:DBA2CB32C21C4B0F575E77BBCDD4FA468056F5E3
                                                                                                                                                                                                      SHA-256:D95F491ED418DC302DB03804DAF9335CE21B2DF4704587E6851EF03E1F84D895
                                                                                                                                                                                                      SHA-512:FB13A2F6B64CB7E380A69424D484FC9B8758FA316A7A155FF062BFDACDCA8F2C5D2A03898CD099688B1C16A5A0EDCECFC42BF0D4D330926B10C3FCE9F5238643
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Metadata-Version: 2.3.Name: cryptography.Version: 44.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):16380
                                                                                                                                                                                                      Entropy (8bit):5.587009861664839
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:hXr12s/l45jEVeK+VqhXJZ4WJJ6sf7B0PpzIq+NX6ih5VFUqq8q:hXplMEVdhJrJJ6sf7B0Ppz/+96ihu8q
                                                                                                                                                                                                      MD5:A53742D3EE69CAE1FD8BDEDAC05BB828
                                                                                                                                                                                                      SHA1:02BC360839FEB54E58E14D410266652DCB718353
                                                                                                                                                                                                      SHA-256:9518E7D9DA0F889F568F800E1A4ADC0686234DC9D9934A46F78FFB5E6C351A98
                                                                                                                                                                                                      SHA-512:C69C4D3ECA56D725E90F9F0C4B98071F4F92A3BC06A635CE0D6309976C750B20B3DA353EFED27F07712FF5E0C1A8114300004C8E2D2EE9155F31D856A3C6EE05
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:cryptography-44.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-44.0.0.dist-info/METADATA,sha256=2V9JHtQY3DAtsDgE2vkzXOIbLfRwRYfmhR7wPh-E2JU,5724..cryptography-44.0.0.dist-info/RECORD,,..cryptography-44.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-44.0.0.dist-info/WHEEL,sha256=Hn9bytZpOGoR6M4U5xUTHC1AJpPD9B1xPrM4STxljEU,94..cryptography-44.0.0.dist-info/licenses/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-44.0.0.dist-info/licenses/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-44.0.0.dist-info/licenses/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=fcUqF1IcadxBSH0us1vCvob0OJOrPV3h30yZD8wsHo4,445..cryptography/__init__.py,sha256=XsRL_PxbU6UgoyoglAgJQSrJCP97ovBA8YIEQ2-uI68,762..cryptography/__pycache__/__about__.cpython-312.pyc,,..cryptography/__pycache__/__init__.cpython-312
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):94
                                                                                                                                                                                                      Entropy (8bit):5.0373614967294325
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:RtEeX5pG6vhP+tkKciH/KQb:RtvoKWKTQb
                                                                                                                                                                                                      MD5:A868F93FCF51C4F1C25658D54F994349
                                                                                                                                                                                                      SHA1:535C88A10911673DEABB7889D365E81729E483A6
                                                                                                                                                                                                      SHA-256:1E7F5BCAD669386A11E8CE14E715131C2D402693C3F41D713EB338493C658C45
                                                                                                                                                                                                      SHA-512:EC13CAC9DF03676640EF5DA033E8C2FAEE63916F27CC27B9C43F0824B98AB4A6ECB4C8D7D039FA6674EF189BDD9265C8ED509C1D80DFF610AEB9E081093AEB3D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: maturin (1.7.5).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):197
                                                                                                                                                                                                      Entropy (8bit):4.61968998873571
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                      MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                      SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                      SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                      SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):11360
                                                                                                                                                                                                      Entropy (8bit):4.426756947907149
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                      MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                      SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                      SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                      SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1532
                                                                                                                                                                                                      Entropy (8bit):5.058591167088024
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                      MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                      SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                      SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                      SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8292864
                                                                                                                                                                                                      Entropy (8bit):6.493076254122072
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:98304:Y4sf3zg+qUuQdPJMqYLSxuBLZqwt0kDO+5+O:cdeqYLSxuBLZrGjq+
                                                                                                                                                                                                      MD5:34293B976DA366D83C12D8EE05DE7B03
                                                                                                                                                                                                      SHA1:82B8EB434C26FCC3A5D9673C9B93663C0FF9BF15
                                                                                                                                                                                                      SHA-256:A2285C3F2F7E63BA8A17AB5D0A302740E6ADF7E608E0707A7737C1EC3BD8CECC
                                                                                                                                                                                                      SHA-512:0807EC7515186F0A989BB667150A84FF3BEBCC248625597BA0BE3C6F07AD60D70CF8A3F65191436EC16042F446D4248BF92FCD02212E459405948DB10F078B8E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):5191960
                                                                                                                                                                                                      Entropy (8bit):5.962142634441191
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                                      MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                                      SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                                      SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                                      SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):39696
                                                                                                                                                                                                      Entropy (8bit):6.641880464695502
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                      MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                      SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                      SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                      SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):787224
                                                                                                                                                                                                      Entropy (8bit):5.609561366841894
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                                      MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                                      SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                                      SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                                      SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):199448
                                                                                                                                                                                                      Entropy (8bit):6.385263095268062
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:gP9/HQAYp/8IdzL37lqrEJesY7p7Ndrjt8HWcFwUT6ZIALhNn6:opFYp/vdzL3pqrEJ2xDrJ8DdT6A
                                                                                                                                                                                                      MD5:F179C9BDD86A2A218A5BF9F0F1CF6CD9
                                                                                                                                                                                                      SHA1:4544FB23D56CC76338E7F71F12F58C5FE89D0D76
                                                                                                                                                                                                      SHA-256:C42874E2CF034FB5034F0BE35F7592B8A96E8903218DA42E6650C504A85B37CC
                                                                                                                                                                                                      SHA-512:3464ECE5C6A0E95EF6136897B70A96C69E552D28BFEDD266F13EEC840E36EC2286A1FB8973B212317DE6FE3E93D7D7CC782EB6FC3D6A2A8F006B34F6443498DE
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):68376
                                                                                                                                                                                                      Entropy (8bit):6.14896460878624
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:LV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/u:LDmF61JFn+/OHZIAL0R7SyHxy
                                                                                                                                                                                                      MD5:6271A2FE61978CA93E60588B6B63DEB2
                                                                                                                                                                                                      SHA1:BE26455750789083865FE91E2B7A1BA1B457EFB8
                                                                                                                                                                                                      SHA-256:A59487EA2C8723277F4579067248836B216A801C2152EFB19AFEE4AC9785D6FB
                                                                                                                                                                                                      SHA-512:8C32BCB500A94FF47F5EF476AE65D3B677938EBEE26E80350F28604AAEE20B044A5D55442E94A11CCD9962F34D22610B932AC9D328197CF4D2FFBC7DF640EFBA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):7009048
                                                                                                                                                                                                      Entropy (8bit):5.7826778751744685
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:49152:mz0oCxOqKWneF3o1VLCClOTNRpaOviXEYWyb3eOYTvuFsx/iac84YNFXiTlv5WF4:mooCcqKLHX+az2Ro8Kv7HDMiEB/
                                                                                                                                                                                                      MD5:550288A078DFFC3430C08DA888E70810
                                                                                                                                                                                                      SHA1:01B1D31F37FB3FD81D893CC5E4A258E976F5884F
                                                                                                                                                                                                      SHA-256:789A42AC160CEF98F8925CB347473EEEB4E70F5513242E7FABA5139BA06EDF2D
                                                                                                                                                                                                      SHA-512:7244432FC3716F7EF27630D4E8FBC8180A2542AA97A01D44DCA260AB43966DD8AC98B6023400B0478A4809AACE1A128F1F4D6E544F2E591A5B436FD4C8A9D723
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):30488
                                                                                                                                                                                                      Entropy (8bit):6.582548725691534
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:b9yLTFInPLnIdHqp3DT90IZIAQGyHQIYiSy1pCQ273bAM+o/8E9VF0Nypyn4:6inzUHqN1rZIAQGo5YiSyvUrAMxkEjh
                                                                                                                                                                                                      MD5:8A273F518973801F3C63D92AD726EC03
                                                                                                                                                                                                      SHA1:069FC26B9BD0F6EA3F9B3821AD7C812FD94B021F
                                                                                                                                                                                                      SHA-256:AF358285A7450DE6E2E5E7FF074F964D6A257FB41D9EB750146E03C7DDA503CA
                                                                                                                                                                                                      SHA-512:7FEDAE0573ECB3946EDE7D0B809A98ACAD3D4C95D6C531A40E51A31BDB035BADC9F416D8AAA26463784FF2C5E7A0CC2C793D62B5FDB2B8E9FAD357F93D3A65F8
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):11358
                                                                                                                                                                                                      Entropy (8bit):4.4267168336581415
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                                      MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                                      SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                                      SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                                      SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4648
                                                                                                                                                                                                      Entropy (8bit):5.006900644756252
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
                                                                                                                                                                                                      MD5:98ABEAACC0E0E4FC385DFF67B607071A
                                                                                                                                                                                                      SHA1:E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
                                                                                                                                                                                                      SHA-256:6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
                                                                                                                                                                                                      SHA-512:F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2518
                                                                                                                                                                                                      Entropy (8bit):5.6307766747793275
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
                                                                                                                                                                                                      MD5:EB513CAFA5226DDA7D54AFDCC9AD8A74
                                                                                                                                                                                                      SHA1:B394C7AEC158350BAF676AE3197BEF4D7158B31C
                                                                                                                                                                                                      SHA-256:0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
                                                                                                                                                                                                      SHA-512:A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):91
                                                                                                                                                                                                      Entropy (8bit):4.687870576189661
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
                                                                                                                                                                                                      MD5:7D09837492494019EA51F4E97823D79F
                                                                                                                                                                                                      SHA1:7829B4324BB542799494131A270EC3BDAD4DEDEF
                                                                                                                                                                                                      SHA-256:9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
                                                                                                                                                                                                      SHA-512:A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):19
                                                                                                                                                                                                      Entropy (8bit):3.536886723742169
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:JSej0EBERG:50o4G
                                                                                                                                                                                                      MD5:A24465F7850BA59507BF86D89165525C
                                                                                                                                                                                                      SHA1:4E61F9264DE74783B5924249BCFE1B06F178B9AD
                                                                                                                                                                                                      SHA-256:08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
                                                                                                                                                                                                      SHA-512:ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:importlib_metadata.
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text, with very long lines (888)
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1335
                                                                                                                                                                                                      Entropy (8bit):4.226823573023539
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
                                                                                                                                                                                                      MD5:4CE7501F6608F6CE4011D627979E1AE4
                                                                                                                                                                                                      SHA1:78363672264D9CD3F72D5C1D3665E1657B1A5071
                                                                                                                                                                                                      SHA-256:37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
                                                                                                                                                                                                      SHA-512:A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1107
                                                                                                                                                                                                      Entropy (8bit):5.115074330424529
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                                      MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                                      SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                                      SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                                      SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2153
                                                                                                                                                                                                      Entropy (8bit):5.088249746074878
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                                      MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                                      SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                                      SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                                      SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4557
                                                                                                                                                                                                      Entropy (8bit):5.714200636114494
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                                      MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                                      SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                                      SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                                      SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):81
                                                                                                                                                                                                      Entropy (8bit):4.672346887071811
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                                      MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                                      SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                                      SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                                      SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):104
                                                                                                                                                                                                      Entropy (8bit):4.271713330022269
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                                      MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                                      SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                                      SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                                      SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                      Size (bytes):1137944
                                                                                                                                                                                                      Entropy (8bit):5.462202215180296
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12288:hrEHdcM6hbFCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciFt:hrEXYCjfk7bPNfv42BN6yzUiFt
                                                                                                                                                                                                      MD5:04F35D7EEC1F6B72BAB9DAF330FD0D6B
                                                                                                                                                                                                      SHA1:ECF0C25BA7ADF7624109E2720F2B5930CD2DBA65
                                                                                                                                                                                                      SHA-256:BE942308D99CC954931FE6F48ED8CC7A57891CCBE99AAE728121BCDA1FD929AB
                                                                                                                                                                                                      SHA-512:3DA405E4C1371F4B265E744229DCC149491A112A2B7EA8E518D5945F8C259CAD15583F25592B35EC8A344E43007AE00DA9673822635EE734D32664F65C9C8D9B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                      Entropy (8bit):7.9943402885024195
                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                      • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                      File name:ihNipdQaIz.exe
                                                                                                                                                                                                      File size:15'920'444 bytes
                                                                                                                                                                                                      MD5:90928b7ed0cccca847c033a104b86507
                                                                                                                                                                                                      SHA1:3d548dffc52787ee41ef8faf8aeccd8e613dcbc1
                                                                                                                                                                                                      SHA256:a540b68cbb2ebdfab541c5c682d759fa0f15b0d38b297bf538fc89945e288fef
                                                                                                                                                                                                      SHA512:120ce0aaf0b728bb52570e8babac94797b9f45f33e8620313e4f3c8f1ad880382783bddaf0bbf360e288a21c99cf42020cfe79c416f0bfb332b67f89e2296647
                                                                                                                                                                                                      SSDEEP:393216:2hKRagG8niwq3Obs2ClJ1+TtIiFGuvB5IjWqczLJAwQfa:2hTGiwq3ObRqJ1QtIZS3ILaJXQfa
                                                                                                                                                                                                      TLSH:DEF63341A6F358EFC6F1633B86628556AF62AF951773CA8F03782250DF472C34D32A61
                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t=.30\.`0\.`0\.`{$.a7\.`{$.a.\.`{$.a:\.` ..`3\.` ..a9\.` ..a!\.` ..a.\.`{$.a;\.`0\.`.\.`{..a)\.`{..a1\.`Rich0\.`........PE..d..
                                                                                                                                                                                                      Icon Hash:391d8c069399743a
                                                                                                                                                                                                      Entrypoint:0x14000ce20
                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                      Imagebase:0x140000000
                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                      Time Stamp:0x675BF7D8 [Fri Dec 13 09:01:12 2024 UTC]
                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                      File Version Major:6
                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                      Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      sub esp, 28h
                                                                                                                                                                                                      call 00007FD7F123415Ch
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      add esp, 28h
                                                                                                                                                                                                      jmp 00007FD7F1233D7Fh
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      sub esp, 28h
                                                                                                                                                                                                      call 00007FD7F1234528h
                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                      je 00007FD7F1233F23h
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      mov eax, dword ptr [00000030h]
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                      jmp 00007FD7F1233F07h
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      cmp ecx, eax
                                                                                                                                                                                                      je 00007FD7F1233F16h
                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      cmpxchg dword ptr [0003570Ch], ecx
                                                                                                                                                                                                      jne 00007FD7F1233EF0h
                                                                                                                                                                                                      xor al, al
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      add esp, 28h
                                                                                                                                                                                                      ret
                                                                                                                                                                                                      mov al, 01h
                                                                                                                                                                                                      jmp 00007FD7F1233EF9h
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      sub esp, 28h
                                                                                                                                                                                                      test ecx, ecx
                                                                                                                                                                                                      jne 00007FD7F1233F09h
                                                                                                                                                                                                      mov byte ptr [000356F5h], 00000001h
                                                                                                                                                                                                      call 00007FD7F1233655h
                                                                                                                                                                                                      call 00007FD7F1234940h
                                                                                                                                                                                                      test al, al
                                                                                                                                                                                                      jne 00007FD7F1233F06h
                                                                                                                                                                                                      xor al, al
                                                                                                                                                                                                      jmp 00007FD7F1233F16h
                                                                                                                                                                                                      call 00007FD7F124145Fh
                                                                                                                                                                                                      test al, al
                                                                                                                                                                                                      jne 00007FD7F1233F0Bh
                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                      call 00007FD7F1234950h
                                                                                                                                                                                                      jmp 00007FD7F1233EECh
                                                                                                                                                                                                      mov al, 01h
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      add esp, 28h
                                                                                                                                                                                                      ret
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      int3
                                                                                                                                                                                                      inc eax
                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      sub esp, 20h
                                                                                                                                                                                                      cmp byte ptr [000356BCh], 00000000h
                                                                                                                                                                                                      mov ebx, ecx
                                                                                                                                                                                                      jne 00007FD7F1233F69h
                                                                                                                                                                                                      cmp ecx, 01h
                                                                                                                                                                                                      jnbe 00007FD7F1233F6Ch
                                                                                                                                                                                                      call 00007FD7F123449Eh
                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                      je 00007FD7F1233F2Ah
                                                                                                                                                                                                      test ebx, ebx
                                                                                                                                                                                                      jne 00007FD7F1233F26h
                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                      lea ecx, dword ptr [000356A6h]
                                                                                                                                                                                                      call 00007FD7F1241252h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca34 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xeeb8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2238 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f70 | 0x2a000 | b8c3814c5fb0b18492ad4ec2ffe0830a | False | 0.5518740699404762 | data | 6.489205819736506 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a28 | 0x12c00 | e0f291c029d7d6942e82b25338acdff2 | False | 0.524296875 | data | 5.750794512946691 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2238 | 0x2400 | 9cd1eac931545f28ab09329f8bfce843 | False | 0.4697265625 | data | 5.2645170849678795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0xeeb8 | 0xf000 | 84086ada0a1865a4173ecccf4a690c02 | False | 0.038167317708333336 | data | 2.343477032023029 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x56000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                      RT_ICON0x470e80xe8acDevice independent bitmap graphic, 225 x 450 x 8, image size 51300, 256 important colors0.024964743804982877
                                                                                                                                                                                                      RT_GROUP_ICON0x559940x14data1.15
                                                                                                                                                                                                      RT_MANIFEST0x559a80x50dXML 1.0 document, ASCII text0.4694508894044857
                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                      USER32.dllCreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
                                                                                                                                                                                                      COMCTL32.dll
                                                                                                                                                                                                      KERNEL32.dllGetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, 
ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
                                                                                                                                                                                                      ADVAPI32.dllOpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
                                                                                                                                                                                                      GDI32.dllSelectObject, DeleteObject, CreateFontIndirectW
                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                      Dec 18, 2024 08:50:26.654391050 CET497183000192.168.2.7130.193.51.109
                                                                                                                                                                                                      Dec 18, 2024 08:50:26.774076939 CET300049718130.193.51.109192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 08:50:26.774594069 CET497183000192.168.2.7130.193.51.109
                                                                                                                                                                                                      Dec 18, 2024 08:50:26.774804115 CET497183000192.168.2.7130.193.51.109
                                                                                                                                                                                                      Dec 18, 2024 08:50:26.774871111 CET497183000192.168.2.7130.193.51.109
                                                                                                                                                                                                      Dec 18, 2024 08:50:26.894316912 CET300049718130.193.51.109192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 08:50:26.894422054 CET300049718130.193.51.109192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 08:50:29.030052900 CET300049718130.193.51.109192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 08:50:29.030141115 CET497183000192.168.2.7130.193.51.109
                                                                                                                                                                                                      Dec 18, 2024 08:50:29.030343056 CET497183000192.168.2.7130.193.51.109
                                                                                                                                                                                                      Dec 18, 2024 08:50:29.149801016 CET300049718130.193.51.109192.168.2.7
                                                                                                                                                                                                      • 130.193.51.109:3000
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.7 | 49718 | 130.193.51.109 | 3000 | 7160 | C:\Users\user\Desktop\ihNipdQaIz.exe |

| Timestamp | Bytes transferred | Direction |
| --- | --- | --- |
| Dec 18, 2024 08:50:26.774804115 CET | 216 | OUT |

Data:
POST /receive_info HTTP/1.1
Host: 130.193.51.109:3000
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 181
Content-Type: application/json


                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                      Start time:02:50:18
                                                                                                                                                                                                      Start date:18/12/2024
                                                                                                                                                                                                      Path:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\ihNipdQaIz.exe"
                                                                                                                                                                                                      Imagebase:0x7ff7ec4f0000
                                                                                                                                                                                                      File size:15'920'444 bytes
                                                                                                                                                                                                      MD5 hash:90928B7ED0CCCCA847C033A104B86507
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                      Start time:02:50:21
                                                                                                                                                                                                      Start date:18/12/2024
                                                                                                                                                                                                      Path:C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\ihNipdQaIz.exe"
                                                                                                                                                                                                      Imagebase:0x7ff7ec4f0000
                                                                                                                                                                                                      File size:15'920'444 bytes
                                                                                                                                                                                                      MD5 hash:90928B7ED0CCCCA847C033A104B86507
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Has exited:false


                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:9.5%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                        Signature Coverage:17.1%
                                                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                                                        Total number of Limit Nodes:37
7ff7ec50962e 16378 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16377->16378 16378->16374 16379->16374 16379->16375 16379->16376 16379->16377 16380 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16379->16380 16380->16379 16382 7ff7ec51266d 16381->16382 16386 7ff7ec509226 16381->16386 16426 7ff7ec50b294 16382->16426 16387 7ff7ec51299c GetEnvironmentStringsW 16386->16387 16388 7ff7ec5129cc 16387->16388 16389 7ff7ec50922b 16387->16389 16390 7ff7ec510858 WideCharToMultiByte 16388->16390 16389->16365 16389->16366 16391 7ff7ec512a1d 16390->16391 16392 7ff7ec512a24 FreeEnvironmentStringsW 16391->16392 16393 7ff7ec50d66c _fread_nolock 12 API calls 16391->16393 16392->16389 16394 7ff7ec512a37 16393->16394 16395 7ff7ec512a48 16394->16395 16396 7ff7ec512a3f 16394->16396 16397 7ff7ec510858 WideCharToMultiByte 16395->16397 16398 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16396->16398 16399 7ff7ec512a6b 16397->16399 16400 7ff7ec512a46 16398->16400 16401 7ff7ec512a79 16399->16401 16402 7ff7ec512a6f 16399->16402 16400->16392 16404 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16401->16404 16403 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16402->16403 16405 7ff7ec512a77 FreeEnvironmentStringsW 16403->16405 16404->16405 16405->16389 16408 7ff7ec509311 16407->16408 16409 7ff7ec50ec08 _get_daylight 11 API calls 16408->16409 16422 7ff7ec509347 16409->16422 16410 7ff7ec50934f 16411 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16410->16411 16412 7ff7ec509247 16411->16412 16412->16370 16413 7ff7ec5093c2 16414 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16413->16414 16414->16412 16415 7ff7ec50ec08 _get_daylight 11 API calls 16415->16422 16416 7ff7ec5093b1 16644 7ff7ec509518 16416->16644 16418 7ff7ec50a514 __std_exception_copy 37 API calls 16418->16422 16420 7ff7ec50a9b8 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16420->16410 16421 7ff7ec5093e7 16423 7ff7ec50a970 _isindst 17 API calls 16421->16423 16422->16410 16422->16413 16422->16415 16422->16416 16422->16418 16422->16421 16424 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16422->16424 16425 7ff7ec5093fa 16423->16425 16424->16422 16427 7ff7ec50b2c0 FlsSetValue 16426->16427 16428 7ff7ec50b2a5 FlsGetValue 16426->16428 16430 7ff7ec50b2b2 16427->16430 16431 7ff7ec50b2cd 16427->16431 16429 7ff7ec50b2ba 16428->16429 16428->16430 16429->16427 16432 7ff7ec50b2b8 16430->16432 16433 7ff7ec50a574 __GetCurrentState 45 API calls 16430->16433 16434 7ff7ec50ec08 _get_daylight 11 API calls 16431->16434 16446 7ff7ec512334 16432->16446 16435 7ff7ec50b335 16433->16435 16436 7ff7ec50b2dc 16434->16436 16437 7ff7ec50b2fa FlsSetValue 16436->16437 16438 7ff7ec50b2ea FlsSetValue 16436->16438 16439 7ff7ec50b318 16437->16439 16440 7ff7ec50b306 FlsSetValue 16437->16440 16441 7ff7ec50b2f3 16438->16441 16442 7ff7ec50af64 _get_daylight 11 API calls 16439->16442 16440->16441 16443 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16441->16443 16444 7ff7ec50b320 16442->16444 16443->16430 16445 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16444->16445 16445->16432 16469 7ff7ec5125a4 16446->16469 16448 7ff7ec512369 16484 7ff7ec512034 16448->16484 16453 7ff7ec51239f 16454 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16453->16454 16455 7ff7ec512386 16454->16455 16455->16386 16456 7ff7ec5123ae 16456->16456 16498 7ff7ec5126dc 16456->16498 16459 7ff7ec5124aa 16460 7ff7ec504f78 _get_daylight 11 API calls 16459->16460 16462 7ff7ec5124af 16460->16462 16461 7ff7ec512505 16464 7ff7ec51256c 16461->16464 16509 7ff7ec511e64 16461->16509 16465 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16462->16465 16463 7ff7ec5124c4 16463->16461 16466 7ff7ec50a9b8 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16463->16466 16468 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16464->16468 16465->16455 16466->16461 16468->16455 16470 7ff7ec5125c7 16469->16470 16471 7ff7ec5125d1 16470->16471 16524 7ff7ec510348 EnterCriticalSection 16470->16524 16473 7ff7ec512643 16471->16473 16476 7ff7ec50a574 __GetCurrentState 45 API calls 16471->16476 16473->16448 16478 7ff7ec51265b 16476->16478 16480 7ff7ec50b294 50 API calls 16478->16480 16483 7ff7ec5126b2 16478->16483 16481 7ff7ec51269c 16480->16481 16482 7ff7ec512334 65 API calls 16481->16482 16482->16483 16483->16448 16525 7ff7ec504fbc 16484->16525 16487 7ff7ec512054 GetOEMCP 16489 7ff7ec51207b 16487->16489 16488 7ff7ec512066 16488->16489 16490 7ff7ec51206b GetACP 16488->16490 16489->16455 16491 7ff7ec50d66c 16489->16491 16490->16489 16492 7ff7ec50d6b7 16491->16492 16493 7ff7ec50d67b _get_daylight 16491->16493 16494 7ff7ec504f78 _get_daylight 11 API calls 16492->16494 16493->16492 16495 7ff7ec50d69e HeapAlloc 16493->16495 16497 7ff7ec513600 _get_daylight 2 API calls 16493->16497 16496 7ff7ec50d6b5 16494->16496 16495->16493 16495->16496 16496->16453 16496->16456 16497->16493 16499 7ff7ec512034 47 API calls 16498->16499 16500 7ff7ec512709 16499->16500 16501 7ff7ec51285f 16500->16501 16502 7ff7ec512746 IsValidCodePage 16500->16502 16508 7ff7ec512760 __scrt_get_show_window_mode 16500->16508 16503 7ff7ec4fc5c0 _log10_special 8 API calls 16501->16503 16502->16501 16504 7ff7ec512757 16502->16504 16505 7ff7ec5124a1 16503->16505 16506 7ff7ec512786 GetCPInfo 16504->16506 16504->16508 16505->16459 16505->16463 16506->16501 16506->16508 16557 7ff7ec51214c 16508->16557 16643 7ff7ec510348 EnterCriticalSection 16509->16643 16526 7ff7ec504fe0 16525->16526 16527 7ff7ec504fdb 16525->16527 16526->16527 16528 7ff7ec50b1c0 __GetCurrentState 45 API calls 16526->16528 16527->16487 16527->16488 16529 7ff7ec504ffb 16528->16529 16533 7ff7ec50d9f4 16529->16533 16534 
7ff7ec50da09 16533->16534 16535 7ff7ec50501e 16533->16535 16534->16535 16541 7ff7ec513374 16534->16541 16537 7ff7ec50da60 16535->16537 16538 7ff7ec50da88 16537->16538 16539 7ff7ec50da75 16537->16539 16538->16527 16539->16538 16554 7ff7ec5126c0 16539->16554 16542 7ff7ec50b1c0 __GetCurrentState 45 API calls 16541->16542 16543 7ff7ec513383 16542->16543 16544 7ff7ec5133ce 16543->16544 16553 7ff7ec510348 EnterCriticalSection 16543->16553 16544->16535 16555 7ff7ec50b1c0 __GetCurrentState 45 API calls 16554->16555 16556 7ff7ec5126c9 16555->16556 16558 7ff7ec512189 GetCPInfo 16557->16558 16567 7ff7ec51227f 16557->16567 16563 7ff7ec51219c 16558->16563 16558->16567 16559 7ff7ec4fc5c0 _log10_special 8 API calls 16560 7ff7ec51231e 16559->16560 16560->16501 16568 7ff7ec512eb0 16563->16568 16567->16559 16569 7ff7ec504fbc 45 API calls 16568->16569 16570 7ff7ec512ef2 16569->16570 16588 7ff7ec50f910 16570->16588 16590 7ff7ec50f919 MultiByteToWideChar 16588->16590 16645 7ff7ec5093b9 16644->16645 16646 7ff7ec50951d 16644->16646 16645->16420 16647 7ff7ec509546 16646->16647 16648 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16646->16648 16649 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16647->16649 16648->16646 16649->16645 16651 7ff7ec516348 16650->16651 16652 7ff7ec516331 16650->16652 16651->16652 16655 7ff7ec516356 16651->16655 16653 7ff7ec504f78 _get_daylight 11 API calls 16652->16653 16654 7ff7ec516336 16653->16654 16656 7ff7ec50a950 _invalid_parameter_noinfo 37 API calls 16654->16656 16657 7ff7ec504fbc 45 API calls 16655->16657 16658 7ff7ec516341 16655->16658 16656->16658 16657->16658 16658->16149 16660 7ff7ec504fbc 45 API calls 16659->16660 16661 7ff7ec518fe1 16660->16661 16664 7ff7ec518c38 16661->16664 16666 7ff7ec518c86 16664->16666 16665 7ff7ec4fc5c0 _log10_special 8 API calls 16667 7ff7ec517275 16665->16667 16668 7ff7ec518d0d 16666->16668 16670 7ff7ec518cf8 GetCPInfo 16666->16670 16673 7ff7ec518d11 16666->16673 
16667->16149 16667->16153 16669 7ff7ec50f910 _fread_nolock MultiByteToWideChar 16668->16669 16668->16673 16671 7ff7ec518da5 16669->16671 16670->16668 16670->16673 16672 7ff7ec50d66c _fread_nolock 12 API calls 16671->16672 16671->16673 16674 7ff7ec518ddc 16671->16674 16672->16674 16673->16665 16674->16673 16675 7ff7ec50f910 _fread_nolock MultiByteToWideChar 16674->16675 16676 7ff7ec518e4a 16675->16676 16677 7ff7ec50f910 _fread_nolock MultiByteToWideChar 16676->16677 16686 7ff7ec518f2c 16676->16686 16679 7ff7ec518e70 16677->16679 16678 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16678->16673 16680 7ff7ec50d66c _fread_nolock 12 API calls 16679->16680 16681 7ff7ec518e9d 16679->16681 16679->16686 16680->16681 16682 7ff7ec50f910 _fread_nolock MultiByteToWideChar 16681->16682 16681->16686 16683 7ff7ec518f14 16682->16683 16684 7ff7ec518f1a 16683->16684 16685 7ff7ec518f34 16683->16685 16684->16686 16688 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16684->16688 16693 7ff7ec50efd8 16685->16693 16686->16673 16686->16678 16688->16686 16690 7ff7ec518f73 16690->16673 16692 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16690->16692 16691 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16691->16690 16692->16673 16694 7ff7ec50ed80 __crtLCMapStringW 5 API calls 16693->16694 16695 7ff7ec50f016 16694->16695 16696 7ff7ec50f240 __crtLCMapStringW 5 API calls 16695->16696 16697 7ff7ec50f01e 16695->16697 16698 7ff7ec50f087 CompareStringW 16696->16698 16697->16690 16697->16691 16698->16697 16700 7ff7ec517cca HeapSize 16699->16700 16701 7ff7ec517cb1 16699->16701 16702 7ff7ec504f78 _get_daylight 11 API calls 16701->16702 16703 7ff7ec517cb6 16702->16703 16704 7ff7ec50a950 _invalid_parameter_noinfo 37 API calls 16703->16704 16705 7ff7ec517cc1 16704->16705 16705->16158 16707 7ff7ec517cf9 16706->16707 16708 7ff7ec517d03 16706->16708 16709 7ff7ec50d66c _fread_nolock 12 API calls 
16707->16709 16710 7ff7ec517d08 16708->16710 16716 7ff7ec517d0f _get_daylight 16708->16716 16714 7ff7ec517d01 16709->16714 16711 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16710->16711 16711->16714 16712 7ff7ec517d42 HeapReAlloc 16712->16714 16712->16716 16713 7ff7ec517d15 16715 7ff7ec504f78 _get_daylight 11 API calls 16713->16715 16714->16161 16715->16714 16716->16712 16716->16713 16717 7ff7ec513600 _get_daylight 2 API calls 16716->16717 16717->16716 16719 7ff7ec50ed80 __crtLCMapStringW 5 API calls 16718->16719 16720 7ff7ec50efb4 16719->16720 16720->16166 16722 7ff7ec505546 16721->16722 16723 7ff7ec50556a 16721->16723 16727 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16722->16727 16729 7ff7ec505555 16722->16729 16724 7ff7ec5055c4 16723->16724 16725 7ff7ec50556f 16723->16725 16726 7ff7ec50f910 _fread_nolock MultiByteToWideChar 16724->16726 16728 7ff7ec505584 16725->16728 16725->16729 16730 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16725->16730 16736 7ff7ec5055e0 16726->16736 16727->16729 16731 7ff7ec50d66c _fread_nolock 12 API calls 16728->16731 16729->16170 16729->16171 16730->16728 16731->16729 16732 7ff7ec5055e7 GetLastError 16743 7ff7ec504eec 16732->16743 16734 7ff7ec505622 16734->16729 16738 7ff7ec50f910 _fread_nolock MultiByteToWideChar 16734->16738 16736->16732 16736->16734 16737 7ff7ec505615 16736->16737 16740 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16736->16740 16741 7ff7ec50d66c _fread_nolock 12 API calls 16737->16741 16742 7ff7ec505666 16738->16742 16739 7ff7ec504f78 _get_daylight 11 API calls 16739->16729 16740->16737 16741->16734 16742->16729 16742->16732 16744 7ff7ec50b338 _get_daylight 11 API calls 16743->16744 16745 7ff7ec504ef9 Concurrency::details::SchedulerProxy::DeleteThis 16744->16745 16746 7ff7ec50b338 _get_daylight 11 API calls 16745->16746 16747 7ff7ec504f1b 16746->16747 16747->16739 19744 7ff7ec509dc0 19747 
7ff7ec509d3c 19744->19747 19754 7ff7ec510348 EnterCriticalSection 19747->19754 20022 7ff7ec50b040 20023 7ff7ec50b05a 20022->20023 20024 7ff7ec50b045 20022->20024 20028 7ff7ec50b060 20024->20028 20029 7ff7ec50b0aa 20028->20029 20030 7ff7ec50b0a2 20028->20030 20032 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20029->20032 20031 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20030->20031 20031->20029 20033 7ff7ec50b0b7 20032->20033 20034 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20033->20034 20035 7ff7ec50b0c4 20034->20035 20036 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20035->20036 20037 7ff7ec50b0d1 20036->20037 20038 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20037->20038 20039 7ff7ec50b0de 20038->20039 20040 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20039->20040 20041 7ff7ec50b0eb 20040->20041 20042 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20041->20042 20043 7ff7ec50b0f8 20042->20043 20044 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20043->20044 20045 7ff7ec50b105 20044->20045 20046 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20045->20046 20047 7ff7ec50b115 20046->20047 20048 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20047->20048 20049 7ff7ec50b125 20048->20049 20054 7ff7ec50af04 20049->20054 20068 7ff7ec510348 EnterCriticalSection 20054->20068 16808 7ff7ec4fccac 16829 7ff7ec4fce7c 16808->16829 16811 7ff7ec4fcdf8 16983 7ff7ec4fd19c IsProcessorFeaturePresent 16811->16983 16812 7ff7ec4fccc8 __scrt_acquire_startup_lock 16814 7ff7ec4fce02 16812->16814 16819 7ff7ec4fcce6 __scrt_release_startup_lock 16812->16819 16815 7ff7ec4fd19c 7 API calls 16814->16815 16817 7ff7ec4fce0d __GetCurrentState 16815->16817 16816 7ff7ec4fcd0b 16818 7ff7ec4fcd91 16835 
7ff7ec4fd2e4 16818->16835 16819->16816 16819->16818 16972 7ff7ec509b9c 16819->16972 16821 7ff7ec4fcd96 16838 7ff7ec4f1000 16821->16838 16826 7ff7ec4fcdb9 16826->16817 16979 7ff7ec4fd000 16826->16979 16830 7ff7ec4fce84 16829->16830 16831 7ff7ec4fce90 __scrt_dllmain_crt_thread_attach 16830->16831 16832 7ff7ec4fccc0 16831->16832 16833 7ff7ec4fce9d 16831->16833 16832->16811 16832->16812 16833->16832 16990 7ff7ec4fd8f8 16833->16990 17017 7ff7ec51a540 16835->17017 16837 7ff7ec4fd2fb GetStartupInfoW 16837->16821 16839 7ff7ec4f1009 16838->16839 17019 7ff7ec5054f4 16839->17019 16841 7ff7ec4f37fb 17026 7ff7ec4f36b0 16841->17026 16845 7ff7ec4fc5c0 _log10_special 8 API calls 16847 7ff7ec4f3ca7 16845->16847 16977 7ff7ec4fd328 GetModuleHandleW 16847->16977 16848 7ff7ec4f391b 17202 7ff7ec4f45b0 16848->17202 16849 7ff7ec4f383c 17193 7ff7ec4f1c80 16849->17193 16853 7ff7ec4f385b 17098 7ff7ec4f8a20 16853->17098 16854 7ff7ec4f396a 17225 7ff7ec4f2710 16854->17225 16858 7ff7ec4f388e 16865 7ff7ec4f38bb __std_exception_copy 16858->16865 17197 7ff7ec4f8b90 16858->17197 16859 7ff7ec4f395d 16860 7ff7ec4f3984 16859->16860 16861 7ff7ec4f3962 16859->16861 16864 7ff7ec4f1c80 49 API calls 16860->16864 17221 7ff7ec5000bc 16861->17221 16866 7ff7ec4f39a3 16864->16866 16867 7ff7ec4f8a20 14 API calls 16865->16867 16875 7ff7ec4f38de __std_exception_copy 16865->16875 16870 7ff7ec4f1950 115 API calls 16866->16870 16867->16875 16868 7ff7ec4f8b30 40 API calls 16869 7ff7ec4f3a0b 16868->16869 16871 7ff7ec4f8b90 40 API calls 16869->16871 16872 7ff7ec4f39ce 16870->16872 16873 7ff7ec4f3a17 16871->16873 16872->16853 16874 7ff7ec4f39de 16872->16874 16876 7ff7ec4f8b90 40 API calls 16873->16876 16877 7ff7ec4f2710 54 API calls 16874->16877 16875->16868 16880 7ff7ec4f390e __std_exception_copy 16875->16880 16878 7ff7ec4f3a23 16876->16878 16886 7ff7ec4f3808 __std_exception_copy 16877->16886 16879 7ff7ec4f8b90 40 API calls 16878->16879 16879->16880 16881 7ff7ec4f8a20 14 API calls 16880->16881 16882 7ff7ec4f3a3b 
16881->16882 16883 7ff7ec4f3b2f 16882->16883 16884 7ff7ec4f3a60 __std_exception_copy 16882->16884 16885 7ff7ec4f2710 54 API calls 16883->16885 16895 7ff7ec4f3aab 16884->16895 17111 7ff7ec4f8b30 16884->17111 16885->16886 16886->16845 16888 7ff7ec4f8a20 14 API calls 16889 7ff7ec4f3bf4 __std_exception_copy 16888->16889 16890 7ff7ec4f3c46 16889->16890 16891 7ff7ec4f3d41 16889->16891 16892 7ff7ec4f3cd4 16890->16892 16893 7ff7ec4f3c50 16890->16893 17236 7ff7ec4f44d0 16891->17236 16897 7ff7ec4f8a20 14 API calls 16892->16897 17118 7ff7ec4f90e0 16893->17118 16895->16888 16900 7ff7ec4f3ce0 16897->16900 16898 7ff7ec4f3d4f 16901 7ff7ec4f3d65 16898->16901 16902 7ff7ec4f3d71 16898->16902 16904 7ff7ec4f3c61 16900->16904 16907 7ff7ec4f3ced 16900->16907 17239 7ff7ec4f4620 16901->17239 16903 7ff7ec4f1c80 49 API calls 16902->16903 16915 7ff7ec4f3cc8 __std_exception_copy 16903->16915 16910 7ff7ec4f2710 54 API calls 16904->16910 16911 7ff7ec4f1c80 49 API calls 16907->16911 16908 7ff7ec4f3dc4 17168 7ff7ec4f9400 16908->17168 16910->16886 16913 7ff7ec4f3d0b 16911->16913 16914 7ff7ec4f3d12 16913->16914 16913->16915 16918 7ff7ec4f2710 54 API calls 16914->16918 16915->16908 16916 7ff7ec4f3da7 SetDllDirectoryW LoadLibraryExW 16915->16916 16916->16908 16917 7ff7ec4f3dd7 SetDllDirectoryW 16920 7ff7ec4f3e0a 16917->16920 16961 7ff7ec4f3e5a 16917->16961 16918->16886 16922 7ff7ec4f8a20 14 API calls 16920->16922 16921 7ff7ec4f3ffc 16924 7ff7ec4f4006 PostMessageW GetMessageW 16921->16924 16925 7ff7ec4f4029 16921->16925 16928 7ff7ec4f3e16 __std_exception_copy 16922->16928 16923 7ff7ec4f3f1b 17173 7ff7ec4f33c0 16923->17173 16924->16925 17316 7ff7ec4f3360 16925->17316 16930 7ff7ec4f3ef2 16928->16930 16934 7ff7ec4f3e4e 16928->16934 16933 7ff7ec4f8b30 40 API calls 16930->16933 16933->16961 16934->16961 17242 7ff7ec4f6db0 16934->17242 16940 7ff7ec4f6fb0 FreeLibrary 16943 7ff7ec4f404f 16940->16943 16950 7ff7ec4f3e81 16952 7ff7ec4f3ea2 16950->16952 16964 7ff7ec4f3e85 16950->16964 17263 7ff7ec4f6df0 
16950->17263 16952->16964 17282 7ff7ec4f71a0 16952->17282 16961->16921 16961->16923 16964->16961 17298 7ff7ec4f2a50 16964->17298 16973 7ff7ec509bb3 16972->16973 16974 7ff7ec509bd4 16972->16974 16973->16818 19339 7ff7ec50a448 16974->19339 16978 7ff7ec4fd339 16977->16978 16978->16826 16980 7ff7ec4fd011 16979->16980 16981 7ff7ec4fcdd0 16980->16981 16982 7ff7ec4fd8f8 7 API calls 16980->16982 16981->16816 16982->16981 16984 7ff7ec4fd1c2 __GetCurrentState __scrt_get_show_window_mode 16983->16984 16985 7ff7ec4fd1e1 RtlCaptureContext RtlLookupFunctionEntry 16984->16985 16986 7ff7ec4fd246 __scrt_get_show_window_mode 16985->16986 16987 7ff7ec4fd20a RtlVirtualUnwind 16985->16987 16988 7ff7ec4fd278 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16986->16988 16987->16986 16989 7ff7ec4fd2c6 __GetCurrentState 16988->16989 16989->16814 16991 7ff7ec4fd900 16990->16991 16992 7ff7ec4fd90a 16990->16992 16996 7ff7ec4fdc94 16991->16996 16992->16832 16997 7ff7ec4fdca3 16996->16997 16998 7ff7ec4fd905 16996->16998 17004 7ff7ec4fded0 16997->17004 17000 7ff7ec4fdd00 16998->17000 17001 7ff7ec4fdd2b 17000->17001 17002 7ff7ec4fdd2f 17001->17002 17003 7ff7ec4fdd0e DeleteCriticalSection 17001->17003 17002->16992 17003->17001 17008 7ff7ec4fdd38 17004->17008 17009 7ff7ec4fdd7c __vcrt_InitializeCriticalSectionEx 17008->17009 17015 7ff7ec4fde22 TlsFree 17008->17015 17010 7ff7ec4fddaa LoadLibraryExW 17009->17010 17011 7ff7ec4fde69 GetProcAddress 17009->17011 17009->17015 17016 7ff7ec4fdded LoadLibraryExW 17009->17016 17012 7ff7ec4fddcb GetLastError 17010->17012 17013 7ff7ec4fde49 17010->17013 17011->17015 17012->17009 17013->17011 17014 7ff7ec4fde60 FreeLibrary 17013->17014 17014->17011 17016->17009 17016->17013 17018 7ff7ec51a530 17017->17018 17018->16837 17018->17018 17022 7ff7ec50f4f0 17019->17022 17020 7ff7ec50f543 17021 7ff7ec50a884 _invalid_parameter_noinfo 37 API calls 17020->17021 17025 7ff7ec50f56c 17021->17025 17022->17020 17023 7ff7ec50f596 17022->17023 17329 
7ff7ec50f3c8 17023->17329 17025->16841 17337 7ff7ec4fc8c0 17026->17337 17029 7ff7ec4f3710 17339 7ff7ec4f92f0 FindFirstFileExW 17029->17339 17030 7ff7ec4f36eb GetLastError 17344 7ff7ec4f2c50 17030->17344 17034 7ff7ec4f3706 17037 7ff7ec4fc5c0 _log10_special 8 API calls 17034->17037 17035 7ff7ec4f3723 17359 7ff7ec4f9370 CreateFileW 17035->17359 17036 7ff7ec4f377d 17370 7ff7ec4f94b0 17036->17370 17040 7ff7ec4f37b5 17037->17040 17040->16886 17048 7ff7ec4f1950 17040->17048 17042 7ff7ec4f378b 17042->17034 17046 7ff7ec4f2810 49 API calls 17042->17046 17043 7ff7ec4f3734 17362 7ff7ec4f2810 17043->17362 17044 7ff7ec4f374c __vcrt_InitializeCriticalSectionEx 17044->17036 17046->17034 17049 7ff7ec4f45b0 108 API calls 17048->17049 17050 7ff7ec4f1985 17049->17050 17051 7ff7ec4f1c43 17050->17051 17053 7ff7ec4f7f80 83 API calls 17050->17053 17052 7ff7ec4fc5c0 _log10_special 8 API calls 17051->17052 17054 7ff7ec4f1c5e 17052->17054 17055 7ff7ec4f19cb 17053->17055 17054->16848 17054->16849 17097 7ff7ec4f1a03 17055->17097 17715 7ff7ec500744 17055->17715 17056 7ff7ec5000bc 74 API calls 17056->17051 17058 7ff7ec4f19e5 17059 7ff7ec4f19e9 17058->17059 17060 7ff7ec4f1a08 17058->17060 17061 7ff7ec504f78 _get_daylight 11 API calls 17059->17061 17719 7ff7ec50040c 17060->17719 17063 7ff7ec4f19ee 17061->17063 17722 7ff7ec4f2910 17063->17722 17066 7ff7ec4f1a45 17070 7ff7ec4f1a7b 17066->17070 17071 7ff7ec4f1a5c 17066->17071 17067 7ff7ec4f1a26 17068 7ff7ec504f78 _get_daylight 11 API calls 17067->17068 17069 7ff7ec4f1a2b 17068->17069 17072 7ff7ec4f2910 54 API calls 17069->17072 17074 7ff7ec4f1c80 49 API calls 17070->17074 17073 7ff7ec504f78 _get_daylight 11 API calls 17071->17073 17072->17097 17075 7ff7ec4f1a61 17073->17075 17076 7ff7ec4f1a92 17074->17076 17077 7ff7ec4f2910 54 API calls 17075->17077 17078 7ff7ec4f1c80 49 API calls 17076->17078 17077->17097 17079 7ff7ec4f1add 17078->17079 17080 7ff7ec500744 73 API calls 17079->17080 17081 7ff7ec4f1b01 17080->17081 17082 7ff7ec4f1b35 17081->17082 17083 
7ff7ec4f1b16 17081->17083 17085 7ff7ec50040c _fread_nolock 53 API calls 17082->17085 17084 7ff7ec504f78 _get_daylight 11 API calls 17083->17084 17086 7ff7ec4f1b1b 17084->17086 17087 7ff7ec4f1b4a 17085->17087 17088 7ff7ec4f2910 54 API calls 17086->17088 17089 7ff7ec4f1b6f 17087->17089 17090 7ff7ec4f1b50 17087->17090 17088->17097 17737 7ff7ec500180 17089->17737 17091 7ff7ec504f78 _get_daylight 11 API calls 17090->17091 17093 7ff7ec4f1b55 17091->17093 17095 7ff7ec4f2910 54 API calls 17093->17095 17095->17097 17096 7ff7ec4f2710 54 API calls 17096->17097 17097->17056 17099 7ff7ec4f8a2a 17098->17099 17100 7ff7ec4f9400 2 API calls 17099->17100 17101 7ff7ec4f8a49 GetEnvironmentVariableW 17100->17101 17102 7ff7ec4f8a66 ExpandEnvironmentStringsW 17101->17102 17103 7ff7ec4f8ab2 17101->17103 17102->17103 17105 7ff7ec4f8a88 17102->17105 17104 7ff7ec4fc5c0 _log10_special 8 API calls 17103->17104 17106 7ff7ec4f8ac4 17104->17106 17107 7ff7ec4f94b0 2 API calls 17105->17107 17106->16858 17108 7ff7ec4f8a9a 17107->17108 17109 7ff7ec4fc5c0 _log10_special 8 API calls 17108->17109 17110 7ff7ec4f8aaa 17109->17110 17110->16858 17112 7ff7ec4f9400 2 API calls 17111->17112 17113 7ff7ec4f8b4c 17112->17113 17114 7ff7ec4f9400 2 API calls 17113->17114 17115 7ff7ec4f8b5c 17114->17115 17952 7ff7ec5082a8 17115->17952 17117 7ff7ec4f8b6a __std_exception_copy 17117->16895 17119 7ff7ec4f90f5 17118->17119 17970 7ff7ec4f8760 GetCurrentProcess OpenProcessToken 17119->17970 17122 7ff7ec4f8760 7 API calls 17123 7ff7ec4f9121 17122->17123 17124 7ff7ec4f9154 17123->17124 17125 7ff7ec4f913a 17123->17125 17127 7ff7ec4f26b0 48 API calls 17124->17127 17126 7ff7ec4f26b0 48 API calls 17125->17126 17128 7ff7ec4f9152 17126->17128 17129 7ff7ec4f9167 LocalFree LocalFree 17127->17129 17128->17129 17130 7ff7ec4f9183 17129->17130 17132 7ff7ec4f918f 17129->17132 17980 7ff7ec4f2b50 17130->17980 17133 7ff7ec4fc5c0 _log10_special 8 API calls 17132->17133 17134 7ff7ec4f3c55 17133->17134 17134->16904 17135 7ff7ec4f8850 
17134->17135 17136 7ff7ec4f8868 17135->17136 17137 7ff7ec4f888c 17136->17137 17138 7ff7ec4f88ea GetTempPathW GetCurrentProcessId 17136->17138 17140 7ff7ec4f8a20 14 API calls 17137->17140 17989 7ff7ec4f25c0 17138->17989 17141 7ff7ec4f8898 17140->17141 17996 7ff7ec4f81c0 17141->17996 17146 7ff7ec4f88d8 __std_exception_copy 17167 7ff7ec4f89c4 __std_exception_copy 17146->17167 17147 7ff7ec4f8918 __std_exception_copy 17154 7ff7ec4f8955 __std_exception_copy 17147->17154 17993 7ff7ec508bd8 17147->17993 17149 7ff7ec5082a8 38 API calls 17151 7ff7ec4f88be __std_exception_copy 17149->17151 17151->17138 17155 7ff7ec4f88cc 17151->17155 17153 7ff7ec4fc5c0 _log10_special 8 API calls 17157 7ff7ec4f3cbb 17153->17157 17159 7ff7ec4f9400 2 API calls 17154->17159 17154->17167 17158 7ff7ec4f2810 49 API calls 17155->17158 17157->16904 17157->16915 17158->17146 17160 7ff7ec4f89a1 17159->17160 17161 7ff7ec4f89a6 17160->17161 17162 7ff7ec4f89d9 17160->17162 17164 7ff7ec4f9400 2 API calls 17161->17164 17163 7ff7ec5082a8 38 API calls 17162->17163 17163->17167 17165 7ff7ec4f89b6 17164->17165 17166 7ff7ec5082a8 38 API calls 17165->17166 17166->17167 17167->17153 17169 7ff7ec4f9422 MultiByteToWideChar 17168->17169 17170 7ff7ec4f9446 17168->17170 17169->17170 17172 7ff7ec4f945c __std_exception_copy 17169->17172 17171 7ff7ec4f9463 MultiByteToWideChar 17170->17171 17170->17172 17171->17172 17172->16917 17185 7ff7ec4f33ce __scrt_get_show_window_mode 17173->17185 17174 7ff7ec4fc5c0 _log10_special 8 API calls 17175 7ff7ec4f3664 17174->17175 17175->16886 17192 7ff7ec4f90c0 LocalFree 17175->17192 17176 7ff7ec4f35c7 17176->17174 17178 7ff7ec4f1c80 49 API calls 17178->17185 17179 7ff7ec4f35e2 17181 7ff7ec4f2710 54 API calls 17179->17181 17181->17176 17184 7ff7ec4f35c9 17187 7ff7ec4f2710 54 API calls 17184->17187 17185->17176 17185->17178 17185->17179 17185->17184 17186 7ff7ec4f2a50 54 API calls 17185->17186 17190 7ff7ec4f35d0 17185->17190 18262 7ff7ec4f4550 17185->18262 18268 7ff7ec4f7e10 17185->18268 
18279 7ff7ec4f1600 17185->18279 18327 7ff7ec4f7110 17185->18327 18331 7ff7ec4f4180 17185->18331 18375 7ff7ec4f4440 17185->18375 17186->17185 17187->17176 17191 7ff7ec4f2710 54 API calls 17190->17191 17191->17176 17194 7ff7ec4f1ca5 17193->17194 17195 7ff7ec5049f4 49 API calls 17194->17195 17196 7ff7ec4f1cc8 17195->17196 17196->16853 17198 7ff7ec4f9400 2 API calls 17197->17198 17199 7ff7ec4f8ba4 17198->17199 17200 7ff7ec5082a8 38 API calls 17199->17200 17201 7ff7ec4f8bb6 __std_exception_copy 17200->17201 17201->16865 17203 7ff7ec4f45bc 17202->17203 17204 7ff7ec4f9400 2 API calls 17203->17204 17205 7ff7ec4f45e4 17204->17205 17206 7ff7ec4f9400 2 API calls 17205->17206 17207 7ff7ec4f45f7 17206->17207 18542 7ff7ec506004 17207->18542 17210 7ff7ec4fc5c0 _log10_special 8 API calls 17211 7ff7ec4f392b 17210->17211 17211->16854 17212 7ff7ec4f7f80 17211->17212 17213 7ff7ec4f7fa4 17212->17213 17214 7ff7ec4f807b __std_exception_copy 17213->17214 17215 7ff7ec500744 73 API calls 17213->17215 17214->16859 17216 7ff7ec4f7fc0 17215->17216 17216->17214 18933 7ff7ec507938 17216->18933 17218 7ff7ec4f7fd5 17218->17214 17219 7ff7ec500744 73 API calls 17218->17219 17220 7ff7ec50040c _fread_nolock 53 API calls 17218->17220 17219->17218 17220->17218 17222 7ff7ec5000ec 17221->17222 18948 7ff7ec4ffe98 17222->18948 17224 7ff7ec500105 17224->16854 17226 7ff7ec4fc8c0 17225->17226 17227 7ff7ec4f2734 GetCurrentProcessId 17226->17227 17228 7ff7ec4f1c80 49 API calls 17227->17228 17229 7ff7ec4f2787 17228->17229 17230 7ff7ec5049f4 49 API calls 17229->17230 17231 7ff7ec4f27cf 17230->17231 17232 7ff7ec4f2620 12 API calls 17231->17232 17233 7ff7ec4f27f1 17232->17233 17234 7ff7ec4fc5c0 _log10_special 8 API calls 17233->17234 17235 7ff7ec4f2801 17234->17235 17235->16886 17237 7ff7ec4f1c80 49 API calls 17236->17237 17238 7ff7ec4f44ed 17237->17238 17238->16898 17240 7ff7ec4f1c80 49 API calls 17239->17240 17241 7ff7ec4f4650 17240->17241 17241->16915 17243 7ff7ec4f6dc5 17242->17243 17244 7ff7ec4f3e6c 
19368->19363 19370 7ff7ec50583a 19369->19370 19371 7ff7ec5058f7 19369->19371 19372 7ff7ec505866 GetFileInformationByHandle 19370->19372 19376 7ff7ec505b70 21 API calls 19370->19376 19373 7ff7ec505921 19371->19373 19374 7ff7ec5058ff 19371->19374 19377 7ff7ec505912 GetLastError 19372->19377 19378 7ff7ec50588f 19372->19378 19375 7ff7ec505944 PeekNamedPipe 19373->19375 19385 7ff7ec5058e2 19373->19385 19374->19377 19379 7ff7ec505903 19374->19379 19375->19385 19383 7ff7ec505854 19376->19383 19382 7ff7ec504eec _fread_nolock 11 API calls 19377->19382 19380 7ff7ec505a34 51 API calls 19378->19380 19381 7ff7ec504f78 _get_daylight 11 API calls 19379->19381 19384 7ff7ec50589a 19380->19384 19381->19385 19382->19385 19383->19372 19383->19385 19433 7ff7ec505994 19384->19433 19386 7ff7ec4fc5c0 _log10_special 8 API calls 19385->19386 19388 7ff7ec505724 19386->19388 19388->19358 19388->19359 19390 7ff7ec505994 10 API calls 19391 7ff7ec5058b9 19390->19391 19392 7ff7ec505994 10 API calls 19391->19392 19393 7ff7ec5058ca 19392->19393 19393->19385 19394 7ff7ec504f78 _get_daylight 11 API calls 19393->19394 19394->19385 19396 7ff7ec505caa 19395->19396 19397 7ff7ec505d42 __std_exception_copy 19396->19397 19398 7ff7ec504f78 _get_daylight 11 API calls 19396->19398 19399 7ff7ec4fc5c0 _log10_special 8 API calls 19397->19399 19400 7ff7ec505cbc 19398->19400 19401 7ff7ec505751 19399->19401 19402 7ff7ec504f78 _get_daylight 11 API calls 19400->19402 19401->19360 19401->19361 19403 7ff7ec505cc4 19402->19403 19404 7ff7ec507e78 45 API calls 19403->19404 19405 7ff7ec505cd9 19404->19405 19406 7ff7ec505ce1 19405->19406 19407 7ff7ec505ceb 19405->19407 19408 7ff7ec504f78 _get_daylight 11 API calls 19406->19408 19409 7ff7ec504f78 _get_daylight 11 API calls 19407->19409 19412 7ff7ec505ce6 19408->19412 19410 7ff7ec505cf0 19409->19410 19410->19397 19411 7ff7ec504f78 _get_daylight 11 API calls 19410->19411 19413 7ff7ec505cfa 19411->19413 19412->19397 19415 7ff7ec505d34 GetDriveTypeW 19412->19415 19414 
7ff7ec507e78 45 API calls 19413->19414 19414->19412 19415->19397 19418 7ff7ec505a5c 19416->19418 19417 7ff7ec50578d 19426 7ff7ec505b70 19417->19426 19418->19417 19440 7ff7ec50f794 19418->19440 19420 7ff7ec505af0 19420->19417 19421 7ff7ec50f794 51 API calls 19420->19421 19422 7ff7ec505b03 19421->19422 19422->19417 19423 7ff7ec50f794 51 API calls 19422->19423 19424 7ff7ec505b16 19423->19424 19424->19417 19425 7ff7ec50f794 51 API calls 19424->19425 19425->19417 19427 7ff7ec505b8a 19426->19427 19428 7ff7ec505bc1 19427->19428 19429 7ff7ec505b9a 19427->19429 19430 7ff7ec50f628 21 API calls 19428->19430 19431 7ff7ec504eec _fread_nolock 11 API calls 19429->19431 19432 7ff7ec505baa 19429->19432 19430->19432 19431->19432 19432->19368 19434 7ff7ec5059b0 19433->19434 19435 7ff7ec5059bd FileTimeToSystemTime 19433->19435 19434->19435 19437 7ff7ec5059b8 19434->19437 19436 7ff7ec5059d1 SystemTimeToTzSpecificLocalTime 19435->19436 19435->19437 19436->19437 19438 7ff7ec4fc5c0 _log10_special 8 API calls 19437->19438 19439 7ff7ec5058a9 19438->19439 19439->19390 19441 7ff7ec50f7c5 19440->19441 19442 7ff7ec50f7a1 19440->19442 19445 7ff7ec50f7ff 19441->19445 19446 7ff7ec50f81e 19441->19446 19442->19441 19443 7ff7ec50f7a6 19442->19443 19444 7ff7ec504f78 _get_daylight 11 API calls 19443->19444 19447 7ff7ec50f7ab 19444->19447 19448 7ff7ec504f78 _get_daylight 11 API calls 19445->19448 19450 7ff7ec504fbc 45 API calls 19446->19450 19451 7ff7ec50a950 _invalid_parameter_noinfo 37 API calls 19447->19451 19449 7ff7ec50f804 19448->19449 19452 7ff7ec50a950 _invalid_parameter_noinfo 37 API calls 19449->19452 19456 7ff7ec50f82b 19450->19456 19453 7ff7ec50f7b6 19451->19453 19455 7ff7ec50f80f 19452->19455 19453->19420 19454 7ff7ec51054c 51 API calls 19454->19456 19455->19420 19456->19454 19456->19455 16803 7ff7ec4fbb50 16804 7ff7ec4fbb7e 16803->16804 16805 7ff7ec4fbb65 16803->16805 16805->16804 16807 7ff7ec50d66c 12 API calls 16805->16807 16806 7ff7ec4fbbde 16807->16806 19591 7ff7ec511720 19602 
7ff7ec517454 19591->19602 19603 7ff7ec517461 19602->19603 19604 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19603->19604 19605 7ff7ec51747d 19603->19605 19604->19603 19606 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19605->19606 19607 7ff7ec511729 19605->19607 19606->19605 19608 7ff7ec510348 EnterCriticalSection 19607->19608 19839 7ff7ec4fcbc0 19840 7ff7ec4fcbd0 19839->19840 19856 7ff7ec509c18 19840->19856 19842 7ff7ec4fcbdc 19862 7ff7ec4fceb8 19842->19862 19844 7ff7ec4fd19c 7 API calls 19846 7ff7ec4fcc75 19844->19846 19845 7ff7ec4fcbf4 _RTC_Initialize 19854 7ff7ec4fcc49 19845->19854 19867 7ff7ec4fd068 19845->19867 19848 7ff7ec4fcc09 19870 7ff7ec509084 19848->19870 19854->19844 19855 7ff7ec4fcc65 19854->19855 19857 7ff7ec509c29 19856->19857 19858 7ff7ec509c31 19857->19858 19859 7ff7ec504f78 _get_daylight 11 API calls 19857->19859 19858->19842 19860 7ff7ec509c40 19859->19860 19861 7ff7ec50a950 _invalid_parameter_noinfo 37 API calls 19860->19861 19861->19858 19863 7ff7ec4fcec9 19862->19863 19866 7ff7ec4fcece __scrt_release_startup_lock 19862->19866 19864 7ff7ec4fd19c 7 API calls 19863->19864 19863->19866 19865 7ff7ec4fcf42 19864->19865 19866->19845 19895 7ff7ec4fd02c 19867->19895 19869 7ff7ec4fd071 19869->19848 19871 7ff7ec5090a4 19870->19871 19885 7ff7ec4fcc15 19870->19885 19872 7ff7ec5090ac 19871->19872 19873 7ff7ec5090c2 GetModuleFileNameW 19871->19873 19874 7ff7ec504f78 _get_daylight 11 API calls 19872->19874 19877 7ff7ec5090ed 19873->19877 19875 7ff7ec5090b1 19874->19875 19876 7ff7ec50a950 _invalid_parameter_noinfo 37 API calls 19875->19876 19876->19885 19910 7ff7ec509024 19877->19910 19880 7ff7ec509135 19881 7ff7ec504f78 _get_daylight 11 API calls 19880->19881 19882 7ff7ec50913a 19881->19882 19883 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19882->19883 19883->19885 19884 7ff7ec50914d 19887 7ff7ec50919b 19884->19887 19888 7ff7ec5091b4 19884->19888 19892 7ff7ec50916f 
19884->19892 19885->19854 19894 7ff7ec4fd13c InitializeSListHead 19885->19894 19886 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19886->19885 19889 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19887->19889 19890 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19888->19890 19891 7ff7ec5091a4 19889->19891 19890->19892 19893 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19891->19893 19892->19886 19893->19885 19896 7ff7ec4fd046 19895->19896 19898 7ff7ec4fd03f 19895->19898 19899 7ff7ec50a25c 19896->19899 19898->19869 19902 7ff7ec509e98 19899->19902 19909 7ff7ec510348 EnterCriticalSection 19902->19909 19911 7ff7ec50903c 19910->19911 19915 7ff7ec509074 19910->19915 19912 7ff7ec50ec08 _get_daylight 11 API calls 19911->19912 19911->19915 19913 7ff7ec50906a 19912->19913 19914 7ff7ec50a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19913->19914 19914->19915 19915->19880 19915->19884

Control-flow Graph

• Executed
• Not Executed
Memory Dump Source
• Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction ID: 8315f42c5154f509423a7d5f38e02f0790928badce97e23e0e6b648e74d441e9
• Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction Fuzzy Hash: 1FD1B27AA08B8286FB10EF34E8543A9B764FF85B58F901236DA5D47A94DF3CD118C721

Control-flow Graph

• Executed
• Not Executed
Memory Dump Source
• Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: 0e7f9f8f9b7973c5112ddf8e6b7b04449a78dc6e1f1e844403fce0d1da25eb6d
• Instruction ID: 510f37d932ec907f45eddf1804b43c831b0298a4e9a1de920f03fd8666468518
• Opcode Fuzzy Hash: 0e7f9f8f9b7973c5112ddf8e6b7b04449a78dc6e1f1e844403fce0d1da25eb6d
• Instruction Fuzzy Hash: CF328069E086C251FB25B72194593B9AA99AF46788FC45033DA5D433C2EF3CE56CC332

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515CB5
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC515608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC51561C
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9CE
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A9B8: GetLastError.KERNEL32(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9D8
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7EC50A94F,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50A979
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7EC50A94F,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50A99E
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515CA4
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC515668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC51567C
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515F1A
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515F2B
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515F3C
                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7EC51617C), ref: 00007FF7EC515F63
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                        • API String ID: 4070488512-239921721
                                                                                                                                                                                                        • Opcode ID: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                        • Instruction ID: 3afb89013d4a831a1228d03680329b42126451f7edd194fc92335f5c39489aa7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96D1D26AE08A4286E720BF25D8453B9E751EF44B94FE08137EA0D47796EF3CE441C762

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                        • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                        • Instruction ID: d4a696cd49a393a92a79f770b374cdcc2cd35c544ba266e75ce75f50025ce6ed
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07C1F03AB28E4185EB10EFA4C4852AC7761E749BA8FA14237DE2E973D5DF38D411C311

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515F1A
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC515668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC51567C
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515F2B
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC515608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC51561C
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515F3C
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC515638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC51564C
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9CE
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A9B8: GetLastError.KERNEL32(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9D8
                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7EC51617C), ref: 00007FF7EC515F63
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                        • API String ID: 3458911817-239921721
                                                                                                                                                                                                        • Opcode ID: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                        • Instruction ID: ef3e72584bc56e2ba860a53bb3753ba475f758e83f0ac94abdf729e42021374e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E51A77AA08A4286E710FF25D8856A9E760FB48784FE04137EA4D47796DF3CE441C761
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                        • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                        • Instruction ID: 1b13d9a638a689d6d0c34c34ae20b2faa9ed50c90fef8196b7a0e6f37cd24b09
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6F0C82AA1878286F7B09B60B448766B790AB88338F981336D96D026D4DF7CD05DCA01
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1010374628-0
                                                                                                                                                                                                        • Opcode ID: 2d471da97334de2acf0262392bad6ca7d41a72817533bf8b70dbf69db73f0db4
                                                                                                                                                                                                        • Instruction ID: 15185d348d956aa1055b155831551cac61e646b788e09abe678a672baeadd4de
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d471da97334de2acf0262392bad6ca7d41a72817533bf8b70dbf69db73f0db4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C02E329B1DF4240FA55BB119909379E284AF85B94FF54A37DD6D863D2EE3CA840C332

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F7F80: _fread_nolock.LIBCMT ref: 00007FF7EC4F802A
                                                                                                                                                                                                        • _fread_nolock.LIBCMT ref: 00007FF7EC4F1A1B
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7EC4F1B6A), ref: 00007FF7EC4F295E
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                        • API String ID: 2397952137-3497178890
                                                                                                                                                                                                        • Opcode ID: a160029e6a37842be442ab761c617b97701ff7f030f4f7bf0d288629a410a574
                                                                                                                                                                                                        • Instruction ID: a4c679547da4d93889342732d399cecc02ff45cdaea09d9ba6976f03a6b9f709
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a160029e6a37842be442ab761c617b97701ff7f030f4f7bf0d288629a410a574
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0381E5B9A0CAC285E720FB24D0553B9A7A4EF49788FD05033E98D43785DE3CE559C722

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                        • API String ID: 2050909247-1550345328
                                                                                                                                                                                                        • Opcode ID: b7cfde611c470d5de2a22cfb734085cfddee959ab285f2d596dd9298a7ff1e46
                                                                                                                                                                                                        • Instruction ID: 923b9313f80a782d9abd28b6d4e4c5fb8326fdc5de4bd2f02f6371e149b79234
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7cfde611c470d5de2a22cfb734085cfddee959ab285f2d596dd9298a7ff1e46
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C551C2A9F08A8292FA10BB1194017B9A794BF41798FD05133ED1C47791EF3CE569C362

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetTempPathW.KERNEL32(?,?,00000000,00007FF7EC4F3CBB), ref: 00007FF7EC4F88F4
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00007FF7EC4F3CBB), ref: 00007FF7EC4F88FA
                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00007FF7EC4F3CBB), ref: 00007FF7EC4F893C
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8A20: GetEnvironmentVariableW.KERNEL32(00007FF7EC4F388E), ref: 00007FF7EC4F8A57
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7EC4F8A79
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC5082A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC5082C1
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F2810: MessageBoxW.USER32 ref: 00007FF7EC4F28EA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                        • API String ID: 3563477958-1339014028
                                                                                                                                                                                                        • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                        • Instruction ID: 4da0bb27779f692da0850050394f9b82dda0bac95829d43a9b5824828dd05d42
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E41D319A08B8250FA21FB21A8557F99794AF877C8FD01133DD0D4B396EE3CD519C322

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                        • API String ID: 2050909247-2813020118
                                                                                                                                                                                                        • Opcode ID: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                                        • Instruction ID: c605d031a9640b768874fc5228e89a5482cd7de33724b4f89f9faf963f681d5c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5451386AA0868241F621BB11A4003BAE695FF86798FD41133FD4E437C5EF3CE419C722

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF7EC4F3804), ref: 00007FF7EC4F36E1
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F3804), ref: 00007FF7EC4F36EB
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7EC4F3706,?,00007FF7EC4F3804), ref: 00007FF7EC4F2C9E
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7EC4F3706,?,00007FF7EC4F3804), ref: 00007FF7EC4F2D63
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F2C50: MessageBoxW.USER32 ref: 00007FF7EC4F2D99
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                        • API String ID: 3187769757-2863816727
                                                                                                                                                                                                        • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                        • Instruction ID: 25d1d8ecd3e913afd7adfdd1d8a803d4a4ae39b54728c9320424c010c7d218ed
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8921B569F0CAC241FA20BB20E8053B6A694BF59358FD05233D55DC26E5EE3CE518C722

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Opcode ID: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                        • Instruction ID: 104c1074cbd2c0bb750749c4c2b97bacdc4ecb7d93d646a2f0068ccad93cdf59
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0C1D52A908A8741F761BB1594923BDE750FB81B88FE54133EA4D83791EF7CE855C322

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 995526605-0

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: GetCurrentProcess.KERNEL32 ref: 00007FF7EC4F8780
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: OpenProcessToken.ADVAPI32 ref: 00007FF7EC4F8793
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: GetTokenInformation.KERNELBASE ref: 00007FF7EC4F87B8
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: GetLastError.KERNEL32 ref: 00007FF7EC4F87C2
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: GetTokenInformation.KERNELBASE ref: 00007FF7EC4F8802
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7EC4F881E
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: CloseHandle.KERNEL32 ref: 00007FF7EC4F8836
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF7EC4F3C55), ref: 00007FF7EC4F916C
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF7EC4F3C55), ref: 00007FF7EC4F9175
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                        • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                        • API String ID: 6828938-1529539262

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(00000000,?,00007FF7EC4F352C,?,00000000,00007FF7EC4F3F23), ref: 00007FF7EC4F7F22
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateDirectory
                                                                                                                                                                                                        • String ID: %.*s$%s%c$\
                                                                                                                                                                                                        • API String ID: 4241100979-1685191245
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EC50CFBB), ref: 00007FF7EC50D0EC
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EC50CFBB), ref: 00007FF7EC50D177
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _get_daylight$_isindst
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4170891091-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2780335769-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                        • Opcode ID: 24238bc47b860f74abc13910c6a37bc7991964e3dbe0c30fb6d15975fbdc4001
                                                                                                                                                                                                        • Instruction ID: 4fed64926a280806a55f806b27f623742d7deb41a6ec5418642de5a509205c55
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 24238bc47b860f74abc13910c6a37bc7991964e3dbe0c30fb6d15975fbdc4001
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A41D626E1878183F714EB209515379A360FB947A8FA08336EA5C43AD1EF7CA5E0C725
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3251591375-0
                                                                                                                                                                                                        • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                        • Instruction ID: 565bcae58d72bb2479cd33e6727bf1d7658a5be5f254bc2161e8dfe976d92537
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13316B29E0C58381FA24BB2494527F99B95AF4238CFD46437D94D8B2DBDE3CA419C273
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                        • Instruction ID: d541860d37ae33fa481e2d1e1c4052d5c4a1e29babc9e555e0cbc01544d03eb8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F151FC2970974246F625BD2594027BAA292AFC4BACFB44736DD7D837C6EF3CD401C622
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                        • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                        • Instruction ID: cea774c80cabb8bf9c9af1465ca7187a15e089f52d5206c5cad6b3cfb19faf61
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C311C865618A4181EA109B15A805269E351BB45BF4FB44332EE7D877D9DF7CE011C742
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EC5058A9), ref: 00007FF7EC5059C7
                                                                                                                                                                                                        • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EC5058A9), ref: 00007FF7EC5059DD
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1707611234-0
                                                                                                                                                                                                        • Opcode ID: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                        • Instruction ID: 816f71b81b83f8016eb10b41dcae8c09cc57ab20c612858a75adf18821824849
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC11917661C65282FA64AB14A44223AF7A0FB847B5FE00237FA9D819D8FF7CD054CB11
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9CE
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9D8
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CloseHandle.KERNELBASE(?,?,?,00007FF7EC50AA45,?,?,00000000,00007FF7EC50AAFA), ref: 00007FF7EC50AC36
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7EC50AA45,?,?,00000000,00007FF7EC50AAFA), ref: 00007FF7EC50AC40
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Opcode ID: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                        • Instruction ID: 937d351bb0928aaa65f715acb158a2d44acc267bce1ff115a53b7c42797d51a2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5521D776608E8287D761AF18D48437DB2A0FB84B94FB44236E69D876DADF7CD400CB11
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                        • Instruction ID: ec4e4a8fc68ed69e678a48e428e12c9d94c6d0f5532bc79dc39d4e30bf6e4ef1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1501C829A08B4140F904FF52590227DE692BF85FE4FA84632DE6C97BD6EE3CD411C315
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Opcode ID: 6832eb5f98ca96f5e7cd25db8366a3c1a8b2d6b45623d2691d830cdd3d76c9ad
                                                                                                                                                                                                        • Instruction ID: 9569e72a062707342701e53696eac7999f7e91f90d74e5ab0abdda9a2f33d093
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6832eb5f98ca96f5e7cd25db8366a3c1a8b2d6b45623d2691d830cdd3d76c9ad
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02012D29A0DA8240FA607B656942379D290AF447D8FF4453BEA1DC26C6FF7CA491C233
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Opcode ID: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
                                                                                                                                                                                                        • Instruction ID: a7c152587e5cba2a1b487b3fc8cc51bbf5b7a11a40b518c7b5de7a68c3591126
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDE0ECA8E08B0786F6153BB4498777A92105F55388FE14436E908963C3FE7C6859D633
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,?,00007FF7EC500D00,?,?,?,00007FF7EC50236A,?,?,?,?,?,00007FF7EC503B59), ref: 00007FF7EC50D6AA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                        • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                        • Instruction ID: 4ddf3768d073d0a1be24bf1ac8d1f28352f2d508aea40b0a1bb343049779b977
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7F05E09B0934685FE54776158123B5D2904F95BB8FA80332DC2EC53C6EE3CA480C532
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                        • API String ID: 199729137-3427451314
                                                                                                                                                                                                        • Opcode ID: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                        • Instruction ID: 3a7288998a9cf5efb87047e8faf23c8180dd0d435549f9c57553f78ea1a873ce
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4302E86C90DF47C5FA05BB65A8187B8A765AF0A758FE01037D45E02264EF7CB258C237
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                        • API String ID: 808467561-2761157908
                                                                                                                                                                                                        • Opcode ID: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                        • Instruction ID: a38e1fd50d3e34876ae7a68e68e31b9ed43d960c617cd256765a6219986e569f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1AB2F67AE186828BE7259F64D4487FDB7A1FB44388FE06136DE0D57A84DB38E900CB51
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,00007FF7EC4F8B09,00007FF7EC4F3FA5), ref: 00007FF7EC4F841B
                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF7EC4F8B09,00007FF7EC4F3FA5), ref: 00007FF7EC4F849E
                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,00007FF7EC4F8B09,00007FF7EC4F3FA5), ref: 00007FF7EC4F84BD
                                                                                                                                                                                                        • FindNextFileW.KERNEL32(?,00007FF7EC4F8B09,00007FF7EC4F3FA5), ref: 00007FF7EC4F84CB
                                                                                                                                                                                                        • FindClose.KERNEL32(?,00007FF7EC4F8B09,00007FF7EC4F3FA5), ref: 00007FF7EC4F84DC
                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF7EC4F8B09,00007FF7EC4F3FA5), ref: 00007FF7EC4F84E5
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                        • String ID: %s\*
                                                                                                                                                                                                        • API String ID: 1057558799-766152087
                                                                                                                                                                                                        • Opcode ID: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                        • Instruction ID: e04143590983632856e2d20e585d9227ef14e35940f5e0ed4ac95c426c4edefb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F41A525A0CA8281EB30BB10E4487B9A764FB97758FD01233D99D47694EF3CD55DC712
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                        • API String ID: 0-2665694366
                                                                                                                                                                                                        • Opcode ID: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                        • Instruction ID: 5b4131be1a037adc0fe45134a3673058b6ad2439f02fb6887b0369c492745e13
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5522236A042E68BE7A49F14C458B7E7BEDFB46344F45913AE64A83780DB3CD858CB11
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3140674995-0
                                                                                                                                                                                                        • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                        • Instruction ID: 0ceb7b702380f074384415ab0ff828ee7afae4ec6a8d604ca7ec3cb3d2867a59
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9316576608F8185EB60AF60E8843EEB364FB85708F54403ADA4D47B99EF3CD558C721
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                                                        • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                        • Instruction ID: d6880ce3f865e99545ea4c4a169b19b824990e454c0227b7c5d86356a71a0927
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F31A736618F8185EB20DF24E8443AEB3A4FB88758FA40136EA9D43B95EF3CC555C711
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2227656907-0
                                                                                                                                                                                                        • Opcode ID: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                        • Instruction ID: 628e0375265ee4fe3bdefd50a2275473192a040bb098a70e7ac6900acfc2e2e1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40B1E92AB18E9241EE61AB2195083BAE390EB44BE4FA44173FD5D47BD5EF3CE841C311
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                        • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                        • Instruction ID: 8e2fffb03c3283ce647ac4a8d720d42f184daa940a7f704ac358c62e281c424c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D411362AB14F058AEB00EB60E8483A973A4FB19758F940E32DA2D867A4DF7CD159C251
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: memcpy_s
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1502251526-0
                                                                                                                                                                                                        • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                        • Instruction ID: acc93ab0309d2b6b5eb61431322dbfd1045199d85aada78cd356c3d037364a9c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5C1E276A18A8687E7249F1AA04877AF7A1F794784F949236DB4A47744DB3DE800CB40
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                        • API String ID: 0-1127688429
                                                                                                                                                                                                        • Opcode ID: 41de47797cb66f1826093f4b1d60416fd99d26d25a53ce6bfd127eaa39bdfb5e
                                                                                                                                                                                                        • Instruction ID: 3b8e553b8111c30922acda5e4f6816ff7096fc59bb6ac4fb6855bf743f584f49
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 41de47797cb66f1826093f4b1d60416fd99d26d25a53ce6bfd127eaa39bdfb5e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BCF1D576A043C547E795AF04C088B3ABFEDEF46748F496536DA4907390CB38D469C752
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 15204871-0
                                                                                                                                                                                                        • Opcode ID: 2f74b2cda317b12825bead48c90720a79ba1abfeed249303701d480a1679e454
                                                                                                                                                                                                        • Instruction ID: 3e98404f8055b518f7472bb0e964eed307aebdccf272440cfc90592f65709789
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f74b2cda317b12825bead48c90720a79ba1abfeed249303701d480a1679e454
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 18B17C7BA04B89CBEB15DF29C44A36CBBE0F784B48F648826DA5D837A4CB39D451C711
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: $
                                                                                                                                                                                                        • API String ID: 0-227171996
                                                                                                                                                                                                        • Opcode ID: 3098a868bf4d382f942c0283459ab4806c0f53f7eb332f8174ba39f6fc7772a0
                                                                                                                                                                                                        • Instruction ID: 495cf4468d3f365e19fe07c06f135808d3d458ef73ec643f599869d17114936e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3098a868bf4d382f942c0283459ab4806c0f53f7eb332f8174ba39f6fc7772a0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3E1953A90864685FB68AB258152339A3A0FF45B4CFB45237DE4E87794EF39E841C712
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                        • API String ID: 0-900081337
                                                                                                                                                                                                        • Opcode ID: 5aba513b73eb8988df982bd12c0510577381bb82701c7147ce4cedc0b53fa8f7
                                                                                                                                                                                                        • Instruction ID: 01744c1d23c9db7bedf514d673ca35cfa5d53ae1be153806f63aafaa494dd719
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5aba513b73eb8988df982bd12c0510577381bb82701c7147ce4cedc0b53fa8f7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71910676A182C687E7A49F14C488B3E7EEDFF46348F45613ADA4A467C0CB38E554CB12
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: e+000$gfff
                                                                                                                                                                                                        • API String ID: 0-3030954782
                                                                                                                                                                                                        • Opcode ID: b62be3d0480bbbd0e022829aa0980c84d51f153df7fa61e27e52cad2b39beef0
                                                                                                                                                                                                        • Instruction ID: 7b0f89c6bca881f0f6ce9a01a8d32bb1809daa6127d078d695daf6183a655516
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b62be3d0480bbbd0e022829aa0980c84d51f153df7fa61e27e52cad2b39beef0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79518C26B182C186F7249E359812769A791F744B98FB8C233CB9887AC1EF7DE041C712
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: gfffffff
                                                                                                                                                                                                        • API String ID: 0-1523873471
                                                                                                                                                                                                        • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                        • Instruction ID: dc019f92c46439cac2c2996b4bbc51e3108b6dd6b5a2899868c567bfb697d286
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50A14767A087C546FB21DF29A4017F9BB91EB62788F648032DE8D87785EE3DD501C712
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: TMP
                                                                                                                                                                                                        • API String ID: 3215553584-3125297090
                                                                                                                                                                                                        • Opcode ID: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                        • Instruction ID: b1117d0eca94a216cc1795c0ff3ebfddcda04c363580089d7b698cdd6c723443
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0519119B18B4241FB64BB265902B7AD2906F44BD8FE84836DE0D877D6FE7CE451C222
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: HeapProcess
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                                                                                        • Opcode ID: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                        • Instruction ID: 47c49f3b9594ecf0356d47816ef1cf0478ac8b0eb2cb6271973ae8270949b47c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3B09228E07A02C2EA083B256C8631862A47F48B01FE8013AC41D81330DE3C20EA9722
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                        • Instruction ID: 205ce754141972db7ebc9eda5f4d2972abef7f9ab81334cdc998399d674f8dae
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96D1E96AA0864285FB28AF25815233DA7A0FF05B5CFB40237CE0D87795EF39D945C362
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                        • Instruction ID: c8fe317e902630b702b5610d6f24a1f7adfe5c943aab93ef632c7467e77f24af
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39C1BE762181E08BD28AEA29E87947A77E1F78930DBD5406BEF87477C5C63CA414DB20
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                                        • Instruction ID: bc925ba3bb72b7ded437a9538ccd4504bea905d138cb9fef2eb9067c36a74ee9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5B19E7A90878585F764AF29C85223CBBA0E745B4CFB80536CB4D87395EF39D842C722
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                        • Instruction ID: 4dda891ded844deb4d7ec8bab1f8ebb001dd798df813fd1b236b7b4bfcf109dd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3851B43BA1865186FB249B29C041339A3A0FB54B5CFB44132DE4D97794EB3AE843C752
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                        • Instruction ID: 38760735c33b148feb3e5381ac92afdf3f55b4e38453ba48c3c33d9e8908dc4e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0241B9AAC0D74A44FA75992805057B8D7809F62BA8DF852F2DDD9D33C3FD2C2946C127
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F5830
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F5842
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F5879
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F588B
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F58A4
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F58B6
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F58CF
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F58E1
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F58FD
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F590F
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F592B
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F593D
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F5959
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F596B
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F5987
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F5999
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F59B5
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F59C7
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                        • API String ID: 199729137-653951865
                                                                                                                                                                                                        • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                        • Instruction ID: a8f76c8b1e4070cd155d3791696b43fa1f1a98e5e34eaa347a9867ea36caf978
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BC22C47CA09F5B95FA05FB64A858374A7A4BF05785FE42037D81E02260EF3DB168C266
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7EC4F45E4,00000000,00007FF7EC4F1985), ref: 00007FF7EC4F9439
                                                                                                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7EC4F88A7,?,?,00000000,00007FF7EC4F3CBB), ref: 00007FF7EC4F821C
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F2810: MessageBoxW.USER32 ref: 00007FF7EC4F28EA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                        • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                        • API String ID: 1662231829-930877121
                                                                                                                                                                                                        • Opcode ID: e491f33a4545c5dc9e33b4da933e1c9d98f9a36929a11ac7b8a73595df86892f
                                                                                                                                                                                                        • Instruction ID: cf5f69c3bd0e7a074bcee31ad22050d3d8ba8549cb9ec98b3fd83b1f98bc6dd7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e491f33a4545c5dc9e33b4da933e1c9d98f9a36929a11ac7b8a73595df86892f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E51C819A1CBC241FB51BB20D8557BAE654AF96788FD41033D54E876D5EF3CE418C322
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                        • String ID: P%
                                                                                                                                                                                                        • API String ID: 2147705588-2959514604
                                                                                                                                                                                                        • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                        • Instruction ID: 382044a4ada30be140be97235ab02702c4ab9577095bc42f5aab03266071ce60
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E51F776604BA186D6349F26F4182BAF7A1F798B65F004122EFDE43694DF7CD045DB20
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                        • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                        • API String ID: 3975851968-2863640275
                                                                                                                                                                                                        • Opcode ID: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                        • Instruction ID: 2a53b55c3e61a913e5351cfb377b76fcc58d2b621ceb458898de35647d4a3159
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7212B6DB08E8281E7016B3AA848339E254EF8AB94F985232DE2D473D4DE3CD454C222
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: -$:$f$p$p
                                                                                                                                                                                                        • API String ID: 3215553584-2013873522
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: f$f$p$p$f
                                                                                                                                                                                                        • API String ID: 3215553584-1325933183
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                        • API String ID: 2050909247-3659356012
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                        • API String ID: 2050909247-3659356012
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                        • API String ID: 849930591-393685449
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF7EC50F11A,?,?,000001DC5E8E5948,00007FF7EC50ADC3,?,?,?,00007FF7EC50ACBA,?,?,?,00007FF7EC505FAE), ref: 00007FF7EC50EEFC
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF7EC50F11A,?,?,000001DC5E8E5948,00007FF7EC50ADC3,?,?,?,00007FF7EC50ACBA,?,?,?,00007FF7EC505FAE), ref: 00007FF7EC50EF08
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                        • API String ID: 3013587201-537541572
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7EC4F3706,?,00007FF7EC4F3804), ref: 00007FF7EC4F2C9E
                                                                                                                                                                                                        • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7EC4F3706,?,00007FF7EC4F3804), ref: 00007FF7EC4F2D63
                                                                                                                                                                                                        • MessageBoxW.USER32 ref: 00007FF7EC4F2D99
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                        • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                        • API String ID: 3940978338-251083826
                                                                                                                                                                                                        • Opcode ID: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                        • Instruction ID: 75c899662008375250c94876fc028b98e53e6cc83979677391d600d11a916fa1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4231F87A708A8142F620BB21A8047ABA695BF897DCF900137EF4D93759EF3CD51AC311
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF7EC4FDFEA,?,?,?,00007FF7EC4FDCDC,?,?,?,00007FF7EC4FD8D9), ref: 00007FF7EC4FDDBD
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7EC4FDFEA,?,?,?,00007FF7EC4FDCDC,?,?,?,00007FF7EC4FD8D9), ref: 00007FF7EC4FDDCB
                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF7EC4FDFEA,?,?,?,00007FF7EC4FDCDC,?,?,?,00007FF7EC4FD8D9), ref: 00007FF7EC4FDDF5
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF7EC4FDFEA,?,?,?,00007FF7EC4FDCDC,?,?,?,00007FF7EC4FD8D9), ref: 00007FF7EC4FDE63
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF7EC4FDFEA,?,?,?,00007FF7EC4FDCDC,?,?,?,00007FF7EC4FD8D9), ref: 00007FF7EC4FDE6F
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                        • API String ID: 2559590344-2084034818
                                                                                                                                                                                                        • Opcode ID: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                        • Instruction ID: cc9017204bedff623735b6ffc2e0c8100951f9d58a814dad63940d3a29c69e1a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C631D629B19A8285EE12FF02A8043B5A798FF59BA8FD91136DD1D07384DF3CE458C325
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                        • API String ID: 2050909247-2434346643
                                                                                                                                                                                                        • Opcode ID: c6b32316bfe7a0aff6899d53276924ef6fe1744c5bc58fcca4aca07baf8add6e
                                                                                                                                                                                                        • Instruction ID: 3c879f3879478bbca0d97f2eb8be3b79f4379899a373fb78ffb14e15e41ae95c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6b32316bfe7a0aff6899d53276924ef6fe1744c5bc58fcca4aca07baf8add6e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A541B539A08AC791EA21FB20E4143E9A759FB55348FD01133DA5C43695DF3CF629C762
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7EC4F351A,?,00000000,00007FF7EC4F3F23), ref: 00007FF7EC4F2AA0
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                        • API String ID: 2050909247-2900015858
                                                                                                                                                                                                        • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                        • Instruction ID: eda745bd751ed575b2992d1ad00273abd9635a16d183fc8c2f4d91d32ca8d307
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D821B276A18B8282E720EB51B8417E6A7A4FB883C8F801133FE8C83659DF3CD159C751
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                        • Opcode ID: 95e941e89c228e9c604249a81e4247bf93b8921c3316e711f137cef7aac77c3c
                                                                                                                                                                                                        • Instruction ID: 75b99167c649b03cb59f56759bd8b694fce6ef8ade1ff19c6878394581acc2c4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 95e941e89c228e9c604249a81e4247bf93b8921c3316e711f137cef7aac77c3c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07215C2CE0CA0341FA58736156A733DE1925F447A8FB44736D93E86AD6EE3CA400C322
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                                                        • Opcode ID: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                        • Instruction ID: e371fb8f516805dde407827b53bd2f41fd31d4ccf53b2eb5048a87c1c1f7d536
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38119025B18F4186E750AB56E858329A3E0FB98BF4FA00236EA5D877A4DF7CD804C751
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF7EC4F9216), ref: 00007FF7EC4F8592
                                                                                                                                                                                                        • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF7EC4F9216), ref: 00007FF7EC4F85E9
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7EC4F45E4,00000000,00007FF7EC4F1985), ref: 00007FF7EC4F9439
                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7EC4F9216), ref: 00007FF7EC4F8678
                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7EC4F9216), ref: 00007FF7EC4F86E4
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,00000000,00007FF7EC4F9216), ref: 00007FF7EC4F86F5
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,00000000,00007FF7EC4F9216), ref: 00007FF7EC4F870A
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3462794448-0
                                                                                                                                                                                                        • Opcode ID: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                                        • Instruction ID: 56fb369576843375753cfab31033c4b501a75913a28e7377b1a47c8da876b47e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D41D96AB187C241E730AB11A8407AAA798FF46BD8F841036DF4C57785DF3CD419C721
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7EC504F81,?,?,?,?,00007FF7EC50A4FA,?,?,?,?,00007FF7EC5071FF), ref: 00007FF7EC50B347
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC504F81,?,?,?,?,00007FF7EC50A4FA,?,?,?,?,00007FF7EC5071FF), ref: 00007FF7EC50B37D
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC504F81,?,?,?,?,00007FF7EC50A4FA,?,?,?,?,00007FF7EC5071FF), ref: 00007FF7EC50B3AA
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC504F81,?,?,?,?,00007FF7EC50A4FA,?,?,?,?,00007FF7EC5071FF), ref: 00007FF7EC50B3BB
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC504F81,?,?,?,?,00007FF7EC50A4FA,?,?,?,?,00007FF7EC5071FF), ref: 00007FF7EC50B3CC
                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF7EC504F81,?,?,?,?,00007FF7EC50A4FA,?,?,?,?,00007FF7EC5071FF), ref: 00007FF7EC50B3E7
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                        • Opcode ID: 6d8f3e74ebbb6b3e9df47af100808aa7e96d944c008937dd2b032c21f4d9a902
                                                                                                                                                                                                        • Instruction ID: a3ada4905b0ba9ea204c1d145944a8ee0763e00c47649447748b40abd74cb093
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d8f3e74ebbb6b3e9df47af100808aa7e96d944c008937dd2b032c21f4d9a902
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53113E2CA0CA4282F658772156A337DE1925F447A8FB4473AD93EC67D6EE7CA401C323
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7EC4F1B6A), ref: 00007FF7EC4F295E
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                        • API String ID: 2050909247-2962405886
                                                                                                                                                                                                        • Opcode ID: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                        • Instruction ID: ba242685fbca0f90236925b5e95027fa6599b21470d6017fbb53bf23f83a20fb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3631266AB18A8142E720B761A8417E7A694BF887D8F801133FE8C83755EF3CD55AC211
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                        • String ID: Unhandled exception in script
                                                                                                                                                                                                        • API String ID: 3081866767-2699770090
                                                                                                                                                                                                        • Opcode ID: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
                                                                                                                                                                                                        • Instruction ID: 18c07209ab407c63f0ee8c8e101ba64afbd774a25ef7b92052154a54419ae096
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC31977A609A8189EB20FF21E8553F9A360FF89788F940136EA4D87B55DF3CD505C712
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7EC4F918F,?,00007FF7EC4F3C55), ref: 00007FF7EC4F2BA0
                                                                                                                                                                                                        • MessageBoxW.USER32 ref: 00007FF7EC4F2C2A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentMessageProcess
                                                                                                                                                                                                        • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                        • API String ID: 1672936522-3797743490
                                                                                                                                                                                                        • Opcode ID: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                        • Instruction ID: bd96baaa1816dc03a00ef42eb23f404a58510ffe3220d3b3b485f892107db2dd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7521D166708B8182E720EB24F8457AAB7A4FB88784F801132EE8D97655DF3CD619C711
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7EC4F1B99), ref: 00007FF7EC4F2760
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                        • API String ID: 2050909247-1591803126
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1156100317-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF7EC50A613,?,?,00000000,00007FF7EC50A8AE,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50B41F
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC50A613,?,?,00000000,00007FF7EC50A8AE,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50B43E
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC50A613,?,?,00000000,00007FF7EC50A8AE,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50B466
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC50A613,?,?,00000000,00007FF7EC50A8AE,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50B477
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC50A613,?,?,00000000,00007FF7EC50A8AE,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50B488
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: verbose
                                                                                                                                                                                                        • API String ID: 3215553584-579935070
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                        • API String ID: 3215553584-1196891531
                                                                                                                                                                                                        • Opcode ID: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                        • Instruction ID: f19ee1457e55be626678395bf5a41887781fede1d5fe20f48625cb580e51fc36
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2081B23AD0C24286F7A46E25810337AB7A0AB1174CFF54237DA09C7286FB3DA945D723
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                        • API String ID: 2395640692-1018135373
                                                                                                                                                                                                        • Opcode ID: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
                                                                                                                                                                                                        • Instruction ID: 7558b7420866ddb0b0a51ae92acaa686833babb08d154231701732194b7bc233
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA51013AB096828ADB14FF15D004BB8BB99EB45B9CF905132DA5E47748DF3CE864C712
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                                                        • API String ID: 3544855599-2084237596
                                                                                                                                                                                                        • Opcode ID: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                                        • Instruction ID: 118e9163e12cc4c7c31b0ee3eb876293e18575262e47db0a2ddba13f3b293f30
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F61B437908BC586E720AF15E4403AAFBA4FB85788F445226EB9C03B59DF7CD1A4CB11
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                                                        • API String ID: 3896166516-3733052814
                                                                                                                                                                                                        • Opcode ID: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
                                                                                                                                                                                                        • Instruction ID: 85edc62bf23c4e2e830dd197272b6879106bdf077dcdb6d2e5ed2f43244af814
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4951C33B9082C287FB64AF219044368BAD8FB56B98F946137DA8C43785CF3CE464C712
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                        • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                        • API String ID: 2030045667-255084403
                                                                                                                                                                                                        • Opcode ID: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                        • Instruction ID: 8ccfd7f058b36e394248fab6a8184acaaf160045dbf011f97ad2cff64e44b10a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA21D176B08B8192E720EB24F4457EAA7A4FB88784F801132EE8D93656DF3CD659C711
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2718003287-0
                                                                                                                                                                                                        • Opcode ID: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                        • Instruction ID: 4965f6ca836d1b62f1bac9d7d1a0278949dc9ec8f4584d2fdd3561954af9e239
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77D13776B08A808AF710DF64D4412AC7771FB457DCBA08236DE5E97B89EE38E016C712
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620583011.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620646528.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620685909.00007FF7EC532000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.2620730771.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1956198572-0
                                                                                                                                                                                                        • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                        • Instruction ID: 87a61c005345014572976612621b9e5059f8382311ecded319c10c8bdf7bed2c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD118035F0C4C242F660A76AE5443799656EF89784FC49032DB5907B89CD3CD8E4C211
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: ?
                                                                                                                                                                                                        • API String ID: 1286766494-1684325040
                                                                                                                                                                                                        • Opcode ID: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                                        • Instruction ID: 76298e1d0ecd453a52886459d7e03e3579bd486f5bf463552c214c5db17a2551
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2F41181AA18A8246FB24AB25D44937AD650EB90BA8FF44237EE5C07BD5DF3CD441C712
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC5090B6
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9CE
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A9B8: GetLastError.KERNEL32(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9D8
                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7EC4FCC15), ref: 00007FF7EC5090D4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                        • API String ID: 3580290477-9112941
                                                                                                                                                                                                        • Opcode ID: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                        • Instruction ID: 8df266930b0c28f5af27eb5ff929c857134860654896c02cfe904024a5edfe10
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81418439A08B02C5F714BF2599562BDA394FB447C8BA54037E94D83B8AEE3DD441C361
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                                                        • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                        • Instruction ID: 8448feaee86b1e5aed8b681b7a027bf153653b67daf97179829d87102a59ad9e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F641F837B18A9181EB20EF25E4453A9A760FB89794F904032EE4DC7788EF3CE401CB12
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentDirectory
                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                        • API String ID: 1611563598-336475711
                                                                                                                                                                                                        • Opcode ID: 3c906c99ff6b46cc0de181ba7a1caf37579b2c2fe8814107475e6c290f9e88a5
                                                                                                                                                                                                        • Instruction ID: 5f56afda0ec1808181a7dd70399044d1083d60eb3f4a5b72135410e0433d6253
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c906c99ff6b46cc0de181ba7a1caf37579b2c2fe8814107475e6c290f9e88a5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A021E966A0868182FB24AB11D44537EB3B1FB84B88FE54137D68C83694EF7CD945C762
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                        • API String ID: 2573137834-1018135373
                                                                                                                                                                                                        • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                        • Instruction ID: 3091680f4e794c10bf0561491728ae1211a1b7896cbed1027eca283969677198
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A116036608B8182EB209F15F440259BBE5FB88B88F984235DF8D07755DF3CC565CB00
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.2620609806.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                        • API String ID: 2595371189-336475711
                                                                                                                                                                                                        • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                        • Instruction ID: 8d550e449503e5139f1b3305ec37853b38ab887fc11c086c0f7c6e74d7d952e4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED01842A91C74385F725BF60946A37EA7A0EF88748FE01037D55D82691EF3CE544CB26

                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:1.6%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                        Total number of Nodes:710
                                                                                                                                                                                                        Total number of Limit Nodes:17
70067 7ff7ec4f2710 54 API calls _log10_special 69995->70067 69999 7ff7ec4f65dd 70002 7ff7ec4f65fd 69999->70002 70003 7ff7ec4f65ec 69999->70003 70000 7ff7ec4f65cc 70068 7ff7ec4f2710 54 API calls _log10_special 70000->70068 70005 7ff7ec4f660f 70002->70005 70007 7ff7ec4f6620 70002->70007 70069 7ff7ec4f2710 54 API calls _log10_special 70003->70069 70070 7ff7ec4f2710 54 API calls _log10_special 70005->70070 70010 7ff7ec4f664a 70007->70010 70071 7ff7ec507320 73 API calls 70007->70071 70009 7ff7ec4f6638 70072 7ff7ec507320 73 API calls 70009->70072 70010->69987 70073 7ff7ec4f2710 54 API calls _log10_special 70010->70073 70014 7ff7ec4f6060 70013->70014 70014->70014 70015 7ff7ec4f6089 70014->70015 70020 7ff7ec4f60a0 __std_exception_destroy 70014->70020 70075 7ff7ec4f2710 54 API calls _log10_special 70015->70075 70017 7ff7ec4f6095 70017->69880 70018 7ff7ec4f1470 116 API calls 70018->70020 70019 7ff7ec4f2710 54 API calls 70019->70020 70020->70018 70020->70019 70021 7ff7ec4f61ab 70020->70021 70021->69880 70022->69876 70024 7ff7ec4f455a 70023->70024 70025 7ff7ec4f9400 2 API calls 70024->70025 70026 7ff7ec4f457f 70025->70026 70027 7ff7ec4fc5c0 _log10_special 8 API calls 70026->70027 70028 7ff7ec4f45a7 70027->70028 70028->69961 70028->69962 70030 7ff7ec4f9400 2 API calls 70029->70030 70031 7ff7ec4f9084 LoadLibraryExW 70030->70031 70032 7ff7ec4f90a3 __std_exception_destroy 70031->70032 70032->69969 70033->69953 70034->69955 70035->69953 70036->69953 70037->69953 70040 7ff7ec4f541c 70038->70040 70039 7ff7ec4f5424 70039->69978 70040->70039 70043 7ff7ec4f55c4 70040->70043 70074 7ff7ec506b14 48 API calls 70040->70074 70041 7ff7ec4f5787 __std_exception_destroy 70041->69978 70042 7ff7ec4f47c0 47 API calls 70042->70043 70043->70041 70043->70042 70046 7ff7ec4f4cb0 70045->70046 70047 7ff7ec4fc5c0 _log10_special 8 API calls 70046->70047 70048 7ff7ec4f4d1a 70047->70048 70048->69984 70048->69985 70050 7ff7ec4f4d55 70049->70050 70051 7ff7ec4f1c80 49 API calls 70050->70051 70052 7ff7ec4f4da1 
70051->70052 70053 7ff7ec4f4e23 __std_exception_destroy 70052->70053 70054 7ff7ec4f1c80 49 API calls 70052->70054 70056 7ff7ec4fc5c0 _log10_special 8 API calls 70053->70056 70055 7ff7ec4f4de0 70054->70055 70055->70053 70058 7ff7ec4f9400 2 API calls 70055->70058 70057 7ff7ec4f4e6e 70056->70057 70057->69999 70057->70000 70059 7ff7ec4f4df6 70058->70059 70060 7ff7ec4f9400 2 API calls 70059->70060 70061 7ff7ec4f4e0d 70060->70061 70062 7ff7ec4f9400 2 API calls 70061->70062 70062->70053 70063->69987 70064->69987 70065->69987 70066->69987 70067->69987 70068->69987 70069->69987 70070->69987 70071->70009 70072->70010 70073->69987 70074->70040 70075->70017 70077 7ff7ec507968 70076->70077 70080 7ff7ec507444 70077->70080 70079 7ff7ec507981 70079->69891 70081 7ff7ec50745f 70080->70081 70082 7ff7ec50748e 70080->70082 70091 7ff7ec50a884 37 API calls 2 library calls 70081->70091 70090 7ff7ec5054dc EnterCriticalSection 70082->70090 70085 7ff7ec50747f 70085->70079 70086 7ff7ec507493 70087 7ff7ec5074b0 38 API calls 70086->70087 70088 7ff7ec50749f 70087->70088 70089 7ff7ec5054e8 _fread_nolock LeaveCriticalSection 70088->70089 70089->70085 70091->70085 70092 7ff7ec505698 70093 7ff7ec5056b2 70092->70093 70094 7ff7ec5056cf 70092->70094 70117 7ff7ec504f58 11 API calls _get_daylight 70093->70117 70094->70093 70095 7ff7ec5056e2 CreateFileW 70094->70095 70098 7ff7ec505716 70095->70098 70099 7ff7ec50574c 70095->70099 70097 7ff7ec5056b7 70118 7ff7ec504f78 11 API calls _get_daylight 70097->70118 70120 7ff7ec5057ec 59 API calls 3 library calls 70098->70120 70121 7ff7ec505c74 46 API calls 3 library calls 70099->70121 70103 7ff7ec5056bf 70119 7ff7ec50a950 37 API calls _invalid_parameter_noinfo 70103->70119 70104 7ff7ec505724 70107 7ff7ec505741 CloseHandle 70104->70107 70108 7ff7ec50572b CloseHandle 70104->70108 70105 7ff7ec505751 70109 7ff7ec505755 70105->70109 70110 7ff7ec505780 70105->70110 70113 7ff7ec5056ca 70107->70113 70108->70113 70122 7ff7ec504eec 11 API calls 2 library calls 70109->70122 
70123 7ff7ec505a34 51 API calls 70110->70123 70114 7ff7ec50575f 70114->70113 70115 7ff7ec50578d 70124 7ff7ec505b70 21 API calls _fread_nolock 70115->70124 70117->70097 70118->70103 70119->70113 70120->70104 70121->70105 70122->70114 70123->70115 70124->70114

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                        • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                        • API String ID: 2776309574-4232158417
                                                                                                                                                                                                        • Opcode ID: c4287787c746abb56e9331fa3c8956d7c4ae80ab217cba986f551fa52fb8bac5
                                                                                                                                                                                                        • Instruction ID: 510f37d932ec907f45eddf1804b43c831b0298a4e9a1de920f03fd8666468518
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4287787c746abb56e9331fa3c8956d7c4ae80ab217cba986f551fa52fb8bac5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF328069E086C251FB25B72194593B9AA99AF46788FC45033DA5D433C2EF3CE56CC332

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                        • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                        • Instruction ID: d4a696cd49a393a92a79f770b374cdcc2cd35c544ba266e75ce75f50025ce6ed
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07C1F03AB28E4185EB10EFA4C4852AC7761E749BA8FA14237DE2E973D5DF38D411C311
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                        • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                        • Instruction ID: 1b13d9a638a689d6d0c34c34ae20b2faa9ed50c90fef8196b7a0e6f37cd24b09
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6F0C82AA1878286F7B09B60B448766B790AB88338F981336D96D026D4DF7CD05DCA01

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F7F80: _fread_nolock.LIBCMT ref: 00007FF7EC4F802A
                                                                                                                                                                                                        • _fread_nolock.LIBCMT ref: 00007FF7EC4F1A1B
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7EC4F1B6A), ref: 00007FF7EC4F295E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                        • API String ID: 2397952137-3497178890
                                                                                                                                                                                                        • Opcode ID: 2905f55c1a3c8d4e6aa49aeeb86a9490fcb65926af6803c34ddd16b54d0a65e3
                                                                                                                                                                                                        • Instruction ID: a4c679547da4d93889342732d399cecc02ff45cdaea09d9ba6976f03a6b9f709
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2905f55c1a3c8d4e6aa49aeeb86a9490fcb65926af6803c34ddd16b54d0a65e3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0381E5B9A0CAC285E720FB24D0553B9A7A4EF49788FD05033E98D43785DE3CE559C722

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                        • String ID: P%
                                                                                                                                                                                                        • API String ID: 2147705588-2959514604
                                                                                                                                                                                                        • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                        • Instruction ID: 382044a4ada30be140be97235ab02702c4ab9577095bc42f5aab03266071ce60
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E51F776604BA186D6349F26F4182BAF7A1F798B65F004122EFDE43694DF7CD045DB20

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                        • API String ID: 2050909247-3659356012
                                                                                                                                                                                                        • Opcode ID: c3132dac9269c38c9a1bc21902639ef7b90e150b6d1cafd95d12fa158ba3d24b
                                                                                                                                                                                                        • Instruction ID: 3ddf4c9966cea618df8a10ce275b2fc99ba25a1e6294633bf08cc42adad75c00
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3132dac9269c38c9a1bc21902639ef7b90e150b6d1cafd95d12fa158ba3d24b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0741EEA9A0868285FB11FB2194017B9E794EF45798FD06433ED0D07B95EF3CE51AC722

                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                        • API String ID: 2050909247-2813020118
                                                                                                                                                                                                        • Opcode ID: c071fae04400aaba9d8a24e5b62ce610f1ca997db65dc53a1f24edd26e5d05d7
                                                                                                                                                                                                        • Instruction ID: c605d031a9640b768874fc5228e89a5482cd7de33724b4f89f9faf963f681d5c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c071fae04400aaba9d8a24e5b62ce610f1ca997db65dc53a1f24edd26e5d05d7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5451386AA0868241F621BB11A4003BAE695FF86798FD41133FD4E437C5EF3CE419C722

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF7EC4F3804), ref: 00007FF7EC4F36E1
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F3804), ref: 00007FF7EC4F36EB
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7EC4F3706,?,00007FF7EC4F3804), ref: 00007FF7EC4F2C9E
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7EC4F3706,?,00007FF7EC4F3804), ref: 00007FF7EC4F2D63
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F2C50: MessageBoxW.USER32 ref: 00007FF7EC4F2D99
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                        • API String ID: 3187769757-2863816727
                                                                                                                                                                                                        • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                        • Instruction ID: 25d1d8ecd3e913afd7adfdd1d8a803d4a4ae39b54728c9320424c010c7d218ed
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8921B569F0CAC241FA20BB20E8053B6A694BF59358FD05233D55DC26E5EE3CE518C722

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Opcode ID: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                        • Instruction ID: 104c1074cbd2c0bb750749c4c2b97bacdc4ecb7d93d646a2f0068ccad93cdf59
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0C1D52A908A8741F761BB1594923BDE750FB81B88FE54133EA4D83791EF7CE855C322

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                        • API String ID: 2050909247-2434346643
                                                                                                                                                                                                        • Opcode ID: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                        • Instruction ID: 3c879f3879478bbca0d97f2eb8be3b79f4379899a373fb78ffb14e15e41ae95c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A541B539A08AC791EA21FB20E4143E9A759FB55348FD01133DA5C43695DF3CF629C762

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                        • String ID: Unhandled exception in script
                                                                                                                                                                                                        • API String ID: 3081866767-2699770090
                                                                                                                                                                                                        • Opcode ID: dd10c28d74256616f4f20b34f0e4914686707bcd8d030bd0fddff274f11205b5
                                                                                                                                                                                                        • Instruction ID: 18c07209ab407c63f0ee8c8e101ba64afbd774a25ef7b92052154a54419ae096
                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd10c28d74256616f4f20b34f0e4914686707bcd8d030bd0fddff274f11205b5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC31977A609A8189EB20FF21E8553F9A360FF89788F940136EA4D87B55DF3CD505C712

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: D_do_all_providedDeallocFrozenModule_ObjectSet_
                                                                                                                                                                                                        • String ID: openssl_md_meth_names
                                                                                                                                                                                                        • API String ID: 4100423519-1600430994
                                                                                                                                                                                                        • Opcode ID: 377f0c0f1d187c6f6c3e59a4c7b27003ffe99c0898c3aca503393d1ddc3b5551
                                                                                                                                                                                                        • Instruction ID: 5478f3cfcbf24ee63bc80104817a058876989bb073aef5e20ae4cbd80d2473e6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 377f0c0f1d187c6f6c3e59a4c7b27003ffe99c0898c3aca503393d1ddc3b5551
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 280108F9A09E02C2EA344B31F8453BB63A2FB49779F44A135D94E42AB4EF3CE5458600

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                        • Opcode ID: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                        • Instruction ID: 4fed64926a280806a55f806b27f623742d7deb41a6ec5418642de5a509205c55
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A41D626E1878183F714EB209515379A360FB947A8FA08336EA5C43AD1EF7CA5E0C725
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1956198572-0
                                                                                                                                                                                                        • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                        • Instruction ID: 87a61c005345014572976612621b9e5059f8382311ecded319c10c8bdf7bed2c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD118035F0C4C242F660A76AE5443799656EF89784FC49032DB5907B89CD3CD8E4C211
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3251591375-0
                                                                                                                                                                                                        • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                        • Instruction ID: 565bcae58d72bb2479cd33e6727bf1d7658a5be5f254bc2161e8dfe976d92537
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13316B29E0C58381FA24BB2494527F99B95AF4238CFD46437D94D8B2DBDE3CA419C273
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                        • Instruction ID: d541860d37ae33fa481e2d1e1c4052d5c4a1e29babc9e555e0cbc01544d03eb8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F151FC2970974246F625BD2594027BAA292AFC4BACFB44736DD7D837C6EF3CD401C622
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                        • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                        • Instruction ID: cea774c80cabb8bf9c9af1465ca7187a15e089f52d5206c5cad6b3cfb19faf61
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C311C865618A4181EA109B15A805269E351BB45BF4FB44332EE7D877D9DF7CE011C742
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9CE
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9D8
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                        • Opcode ID: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                        • Instruction ID: a490fe7fe7c1e6cbbafb4c23a542ddd78e5606133e5e54447809fafc596c2d6c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0FE04F58F08A0242FF04BBB2584A33992506F88B44BA44432DC1DC62A2EE3C6895C222
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00007FF7EC50AA45,?,?,00000000,00007FF7EC50AAFA), ref: 00007FF7EC50AC36
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7EC50AA45,?,?,00000000,00007FF7EC50AAFA), ref: 00007FF7EC50AC40
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                        • Opcode ID: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                        • Instruction ID: 6edd36f5a3ca26cd6fce15d1d2b791cdcc64fbc2e75f356eb75f6c448d28a8d9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C210E18F0C64241FE507761985237D9281AF94B98FA94237E91EC73C6EEBCE450C322
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Opcode ID: 83fd655adac635c1bfef66338e564e5d3c087748e58eff1a34e14c1f5e77bb28
                                                                                                                                                                                                        • Instruction ID: 49bcb8c21936a264126df104a012f718bba91dc241c1e7d8b37b90b009ad0ae1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 83fd655adac635c1bfef66338e564e5d3c087748e58eff1a34e14c1f5e77bb28
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E41A53690860187FA34EA15A592379B3A4EB56B48FA00132DA8DC76D1DF7DF402CB63
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                        • Opcode ID: 9578cb62be41ca4d18d42ef1f4825d70acfd7f05a5d28fd673b41da833071700
                                                                                                                                                                                                        • Instruction ID: 8febad8d456840c74f59542b602557ef41212c8124efc74a2fc671d9c7905651
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9578cb62be41ca4d18d42ef1f4825d70acfd7f05a5d28fd673b41da833071700
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A821C125B0879149FB10BA1264043BADA65BF47BC8FC91432EE0C0B786DF3DE055C222
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Opcode ID: e965e93cbe1d72adb8351a0dc15ff4730447cd31f91a428760958f4d16ec249d
                                                                                                                                                                                                        • Instruction ID: 28ff609d8a74c63eb2f1db9f5b07fd00cf4d6017ce500d2c102284dca007a450
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e965e93cbe1d72adb8351a0dc15ff4730447cd31f91a428760958f4d16ec249d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8131C325A1864285F7117B55889337DA650EF40B98FE20537EA6D833D2EF7CE841C732
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                        • Instruction ID: 11c8ff2f898b5f9fc0c412386fd6c53dfab330fd09ae63bc3f74f7948fb25e18
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F7116F6AA1864181FA61BF11940237EE364AF45B88FE44032FB4CD7B96EF3CD940C726
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        • Opcode ID: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                        • Instruction ID: 937d351bb0928aaa65f715acb158a2d44acc267bce1ff115a53b7c42797d51a2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5521D776608E8287D761AF18D48437DB2A0FB84B94FB44236E69D876DADF7CD400CB11
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7EC4F45E4,00000000,00007FF7EC4F1985), ref: 00007FF7EC4F9439
                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00007FF7EC4F6466,?,00007FF7EC4F336E), ref: 00007FF7EC4F9092
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2592636585-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,?,00007FF7EC500D00,?,?,?,00007FF7EC50236A,?,?,?,?,?,00007FF7EC503B59), ref: 00007FF7EC50D6AA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_LongLong_$Arg_Buffer_$ArgumentOccurredUnsigned$BufferContiguousE_scryptEval_Object_ReleaseStringThread$Bytes_FormatFromKeywordsRestoreSaveSizeUnpack
                                                                                                                                                                                                        • String ID: @$Invalid parameter combination for n, r, p, maxmem.$argument 'n'$argument 'p'$argument 'password'$argument 'r'$argument 'salt'$contiguous buffer$dklen must be greater than 0 and smaller than %d$int$maxmem must be positive and smaller than %d$n is required and must be an unsigned int$n must be a power of 2.$p is required and must be an unsigned int$password is too long.$r is required and must be an unsigned int$salt is required$salt is too long.$scrypt
                                                                                                                                                                                                        • API String ID: 756542180-2474027488
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                        • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                        • API String ID: 3832162212-3165540532
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Object_$Err_Module_State$Arg_BufferD_fetchDeallocEval_StringThread$Buffer_CheckD_freeD_get_flagsD_up_refDigestInit_exKeywordsMemoryParse_Py_hashtable_getReleaseRestoreSaveSizeTrueUnpackX_new
                                                                                                                                                                                                        • String ID: -fips$Buffer must be single dimension$Strings must be encoded before hashing$name must be a string$object supporting the buffer API required$unsupported hash type %s
                                                                                                                                                                                                        • API String ID: 3546352491-4023171389
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$BufferBuffer_D_fetchErr_Eval_ReleaseStringThread$CheckD_freeD_get_flagsD_up_refDeallocDigestInit_exPy_hashtable_getRestoreSaveX_new
                                                                                                                                                                                                        • String ID: -fips$Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required$unsupported hash type %s
                                                                                                                                                                                                        • API String ID: 4208293270-2451375418
                                                                                                                                                                                                        • Opcode ID: c30780181f431bc1b66cbf98c1626323423250fdb4fd8baf6d6cd0fe520419cb
                                                                                                                                                                                                        • Instruction ID: 388abfa49fef8ff8d88ab20108d7967f4fc4faceba313bb5c635344228cea36b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c30780181f431bc1b66cbf98c1626323423250fdb4fd8baf6d6cd0fe520419cb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1911CE9E08E42C1EA748B36F44437B63A6FF96BA1F14E131D94E03E74DE2CE5458600
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623744061.00007FFB0B7C0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623763458.00007FFB0B842000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623862928.00007FFB0B86C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B871000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B877000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: N_free$O_free
                                                                                                                                                                                                        • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                        • API String ID: 3506937590-1778748169
                                                                                                                                                                                                        • Opcode ID: 7230b134d8cc83c97ee3a1fb64bf6954e5cca318ec74271f826c5bc20e42f3ad
                                                                                                                                                                                                        • Instruction ID: bf167eadc9e84138cdaf42ef3b219d3da430e98a68f842b32e9afc74c32a7f4d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7230b134d8cc83c97ee3a1fb64bf6954e5cca318ec74271f826c5bc20e42f3ad
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1321ED93E1478281F780EF35C8A5FFC2320EB95F48F159631EE5E9A176DE6895D08710
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623744061.00007FFB0B7C0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623763458.00007FFB0B842000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623862928.00007FFB0B86C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B871000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B877000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: O_clear_flagsO_set_dataO_set_initO_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                        • String ID: ..\s\ssl\bio_ssl.c$ssl_new
                                                                                                                                                                                                        • API String ID: 3664107999-4057307684
                                                                                                                                                                                                        • Opcode ID: 4fe9d9adf47ecfc145edde16cadadc46be57d833d6aa4bd709a0663bcd577224
                                                                                                                                                                                                        • Instruction ID: 176befa6be4f84fd98ef8fd164816521a0f3cb26dfc0818bdffda0ea1a4f37b3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4fe9d9adf47ecfc145edde16cadadc46be57d833d6aa4bd709a0663bcd577224
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A11C4A7B1C78281D745AB39E850EED3B11AF49B54F4CC130D78A82BB7DE2CD8548B00
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623310302.00007FFB0B660000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B665000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B6C2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B70E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B712000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B717000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B76F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623528885.00007FFB0B772000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623548443.00007FFB0B774000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3719493655-0
                                                                                                                                                                                                        • Opcode ID: 0c22d9056acb871eddf48ff6985902c40c9bac8e0db102ec70c3771e64610527
                                                                                                                                                                                                        • Instruction ID: 9b5857e24047de3f4003a93781cb0504b268e8ce2ef5c5a6c5cc89e84eba8290
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c22d9056acb871eddf48ff6985902c40c9bac8e0db102ec70c3771e64610527
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B402F6F2B0C5428AE7248B39D854E79A6A1EB97744F14D239F64FC67A4EE3CE804D700
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627179287.00007FFB1BA61000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BA60000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627156241.00007FFB1BA60000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627202946.00007FFB1BA63000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627227017.00007FFB1BA64000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627252427.00007FFB1BA65000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1ba60000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                        • Opcode ID: f8ae4d2eff8d27b3a0b7405f1d7147d7316b9bc7e7709510c05685c771672a79
                                                                                                                                                                                                        • Instruction ID: 8d2ae259a8df4744c202a3600efbd0f65fe17e0f0983fd042e31fcebb764ae11
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8ae4d2eff8d27b3a0b7405f1d7147d7316b9bc7e7709510c05685c771672a79
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B23182B2A18F8199EB608F75E8803ED3761FB44354F44A53ADA4D437A4DF38D148C700
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                        • Opcode ID: 2fecce860f879f10186719484648e09ebd74f1c2c6fc6cd1422b5dca5ca7f88c
                                                                                                                                                                                                        • Instruction ID: 5dcd8ab6efb3b470edf96d31354f6d3a3acd13aeda5aa342c1672275d87aea3f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2fecce860f879f10186719484648e09ebd74f1c2c6fc6cd1422b5dca5ca7f88c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E3180B2619F8196EB609F74E8403ED7362FB84364F44953ADA4D43BA9DF38D548C700
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2626311044.00007FFB18B71000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFB18B70000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb18b70000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2628984984.00007FFB22651000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB22650000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb22650000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2626635221.00007FFB1AB11000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB1AB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1ab10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627297181.00007FFB1BA71000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFB1BA70000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1ba70000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2626415246.00007FFB18B81000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFB18B80000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb18b80000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2625722486.00007FFB167E1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFB167E0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2625701520.00007FFB167E0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2625745368.00007FFB167E6000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2625766971.00007FFB167EB000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb167e0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                        • Opcode ID: 26897df24f70a55c30b919b36952ff972a20fdcb0ee0bee13c52e1828fe953fd
                                                                                                                                                                                                        • Instruction ID: 7817ffa26859f9885ca997aa6d1a34ed0f0fc1577300f36dda6e33eb3a04cf96
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 26897df24f70a55c30b919b36952ff972a20fdcb0ee0bee13c52e1828fe953fd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 12315AB2608E918AEB609F70E8607FD7362FB84759F44443ADA4E47A98DF38D64CC710
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,00007FF7EC4F8B09,00007FF7EC4F3FA5), ref: 00007FF7EC4F841B
                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF7EC4F8B09,00007FF7EC4F3FA5), ref: 00007FF7EC4F849E
                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,00007FF7EC4F8B09,00007FF7EC4F3FA5), ref: 00007FF7EC4F84BD
                                                                                                                                                                                                        • FindNextFileW.KERNEL32(?,00007FF7EC4F8B09,00007FF7EC4F3FA5), ref: 00007FF7EC4F84CB
                                                                                                                                                                                                        • FindClose.KERNEL32(?,00007FF7EC4F8B09,00007FF7EC4F3FA5), ref: 00007FF7EC4F84DC
                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF7EC4F8B09,00007FF7EC4F3FA5), ref: 00007FF7EC4F84E5
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                        • String ID: %s\*
                                                                                                                                                                                                        • API String ID: 1057558799-766152087
                                                                                                                                                                                                        • Opcode ID: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                        • Instruction ID: e04143590983632856e2d20e585d9227ef14e35940f5e0ed4ac95c426c4edefb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F41A525A0CA8281EB30BB10E4487B9A764FB97758FD01233D99D47694EF3CD55DC712
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623310302.00007FFB0B660000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B665000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B6C2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B70E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B712000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B717000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B76F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623528885.00007FFB0B772000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623548443.00007FFB0B774000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4139299733-0
                                                                                                                                                                                                        • Opcode ID: 35a4b164d7d926b41929bb2b2ac8d3737955662c15fe271b4beba82657301c78
                                                                                                                                                                                                        • Instruction ID: b2a98cd4be9b63aac38cb812ba8db8232f140cf8e344b9001a2d130bb5992325
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35a4b164d7d926b41929bb2b2ac8d3737955662c15fe271b4beba82657301c78
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1E1CDF2E1C5528AEA248B39D814E79A6A5FB53794F14913DFA4FD37A0DE2CE841C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3140674995-0
                                                                                                                                                                                                        • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                        • Instruction ID: 0ceb7b702380f074384415ab0ff828ee7afae4ec6a8d604ca7ec3cb3d2867a59
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9316576608F8185EB60AF60E8843EEB364FB85708F54403ADA4D47B99EF3CD558C721
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515CB5
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC515608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC51561C
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9CE
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A9B8: GetLastError.KERNEL32(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9D8
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7EC50A94F,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50A979
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7EC50A94F,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50A99E
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515CA4
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC515668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC51567C
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515F1A
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515F2B
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515F3C
                                                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7EC51617C), ref: 00007FF7EC515F63
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4070488512-0
                                                                                                                                                                                                        • Opcode ID: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
                                                                                                                                                                                                        • Instruction ID: 3afb89013d4a831a1228d03680329b42126451f7edd194fc92335f5c39489aa7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96D1D26AE08A4286E720BF25D8453B9E751EF44B94FE08137EA0D47796EF3CE441C762
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2626635221.00007FFB1AB11000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB1AB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1ab10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: memset$_wassert
                                                                                                                                                                                                        • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                                                                                        • API String ID: 3746435480-330188172
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2227656907-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CRYPTO_realloc.LIBCRYPTO-3(?,?,?,00007FFB0B816F5A,?,?,?,00007FFB0B816A2E), ref: 00007FFB0B816D55
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: O_realloc
                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_cust.c$3$t3
                                                                                                                                                                                                        • API String ID: 3931833713-171970420
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515F1A
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC515668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC51567C
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515F2B
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC515608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC51561C
                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7EC515F3C
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC515638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC51564C
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9CE
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A9B8: GetLastError.KERNEL32(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9D8
                                                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7EC51617C), ref: 00007FF7EC515F63
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3458911817-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: O_freeX_free
                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                        • API String ID: 2813942177-1643863364
                                                                                                                                                                                                        • Opcode ID: 2a3851bc6b421121bf5fc61dc6196838e5aba41983eeb31f72922d5ab2d269f7
                                                                                                                                                                                                        • Instruction ID: bb957e5b28af7c1aedd8b54c5e50ee2def7bff0ba72f9663b5d37e65c9f84153
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a3851bc6b421121bf5fc61dc6196838e5aba41983eeb31f72922d5ab2d269f7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9F030D1F0920382EA14A736D451FB82190AF45F80F54D035D90FC6BF2EE1CA591DB00
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FFB2265368D,?,00000001,00000000,00007FFB22652B10), ref: 00007FFB22652E4A
                                                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FFB2265368D,?,00000001,00000000,00007FFB22652B10), ref: 00007FFB22652E94
                                                                                                                                                                                                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00007FFB2265368D,?,00000001,00000000,00007FFB22652B10), ref: 00007FFB22652EC2
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2628984984.00007FFB22651000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB22650000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InfoSleepSystemabort
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3812989525-0
                                                                                                                                                                                                        • Opcode ID: 356e883e78af41a95903e3fe84684237f5ddaaae80b9a3ed4a034d8e13ef1f18
                                                                                                                                                                                                        • Instruction ID: 32d425093a1bdcfbcf53ee94a9e481b8ce1ef4a651e814cd6774210b60300efd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 356e883e78af41a95903e3fe84684237f5ddaaae80b9a3ed4a034d8e13ef1f18
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B321BBB2A29AC286FB57CB70EC5432672A0BF54714F900739C55DD6AA0DFFCA4A5C740
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: O_memcmp
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2788248766-0
                                                                                                                                                                                                        • Opcode ID: 3c91d392fe458c5e385305ef7a33c0d5356447ef2fb533f0360ca3d90de536d8
                                                                                                                                                                                                        • Instruction ID: c9407dc8f038563b2dbc9b1a60f7ee6254c6d56157f8c14b04cc0e73e8a96025
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c91d392fe458c5e385305ef7a33c0d5356447ef2fb533f0360ca3d90de536d8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DAD0C292F14B8982CE1CC7A7FE804A89153ABACBE074DC035AE0D83B65C82CC4D14500
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F5830
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F5842
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F5879
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F588B
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F58A4
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F58B6
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F58CF
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F58E1
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F58FD
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F590F
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F592B
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F593D
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F5959
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F596B
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F5987
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F5999
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F59B5
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7EC4F64BF,?,00007FF7EC4F336E), ref: 00007FF7EC4F59C7
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                        • API String ID: 199729137-653951865
                                                                                                                                                                                                        • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                        • Instruction ID: a8f76c8b1e4070cd155d3791696b43fa1f1a98e5e34eaa347a9867ea36caf978
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BC22C47CA09F5B95FA05FB64A858374A7A4BF05785FE42037D81E02260EF3DB168C266
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                        • API String ID: 199729137-3427451314
                                                                                                                                                                                                        • Opcode ID: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                        • Instruction ID: 3a7288998a9cf5efb87047e8faf23c8180dd0d435549f9c57553f78ea1a873ce
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a662de07e299f73dada83b080b335429a490c7fb48c0bc5bb894b33d2b2cc2e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4302E86C90DF47C5FA05BB65A8187B8A765AF0A758FE01037D45E02264EF7CB258C237
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyModule_GetState.PYTHON312 ref: 00007FFB1BAB1042
                                                                                                                                                                                                        • PyUnicode_InternFromString.PYTHON312 ref: 00007FFB1BAB1052
                                                                                                                                                                                                        • PyType_FromModuleAndSpec.PYTHON312 ref: 00007FFB1BAB1072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB143C: PyDescr_NewGetSet.PYTHON312(?,?,?,00007FFB1BAB108C), ref: 00007FFB1BAB14A4
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB143C: PyDict_SetDefault.PYTHON312(?,?,?,00007FFB1BAB108C), ref: 00007FFB1BAB14C3
                                                                                                                                                                                                        • PyErr_NewException.PYTHON312 ref: 00007FFB1BAB10A0
                                                                                                                                                                                                        • PyModule_AddObjectRef.PYTHON312 ref: 00007FFB1BAB10C0
                                                                                                                                                                                                        • PyModule_AddObjectRef.PYTHON312 ref: 00007FFB1BAB10DC
                                                                                                                                                                                                        • PyModule_AddObjectRef.PYTHON312 ref: 00007FFB1BAB10F7
                                                                                                                                                                                                        • PyModule_AddStringConstant.PYTHON312 ref: 00007FFB1BAB1116
                                                                                                                                                                                                        • Py_BuildValue.PYTHON312 ref: 00007FFB1BAB1138
                                                                                                                                                                                                        • PyModule_AddObject.PYTHON312 ref: 00007FFB1BAB114E
                                                                                                                                                                                                        • PyModule_AddStringConstant.PYTHON312 ref: 00007FFB1BAB116D
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB1BD0: PyDict_New.PYTHON312(?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1C01
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB1BD0: PyDict_New.PYTHON312(?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1C13
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB1BD0: PyModule_AddStringConstant.PYTHON312(?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1C6C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB1BD0: PyModule_AddObjectRef.PYTHON312(?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAC0E97
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB15C4: PyModule_AddStringConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB15F9
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB15C4: PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB1615
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB15C4: PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB1631
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB15C4: PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB164D
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB15C4: PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB1669
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB15C4: PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB1685
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB15C4: PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB16A1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB15C4: PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB16B8
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB15C4: PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB16D0
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB15C4: PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB16E8
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB15C4: PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB1700
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB136C: PyList_New.PYTHON312(?,?,00000000,00007FFB1BAB11A3), ref: 00007FFB1BAB1389
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB136C: Py_BuildValue.PYTHON312(?,?,00000000,00007FFB1BAB11A3), ref: 00007FFB1BAB13B7
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB136C: PyList_Append.PYTHON312(?,?,00000000,00007FFB1BAB11A3), ref: 00007FFB1BAB13CF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB136C: PyModule_AddObject.PYTHON312(?,?,00000000,00007FFB1BAB11A3), ref: 00007FFB1BAB140D
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312 ref: 00007FFB1BAB11B8
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312 ref: 00007FFB1BAB11D4
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312 ref: 00007FFB1BAB11EF
                                                                                                                                                                                                        • PyMem_Malloc.PYTHON312 ref: 00007FFB1BAB1202
                                                                                                                                                                                                        • PyCapsule_New.PYTHON312 ref: 00007FFB1BAB1327
                                                                                                                                                                                                        • PyModule_AddObject.PYTHON312 ref: 00007FFB1BAB1346
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC0563
                                                                                                                                                                                                        • PyErr_NoMemory.PYTHON312 ref: 00007FFB1BAC056F
                                                                                                                                                                                                        • PyMem_Free.PYTHON312 ref: 00007FFB1BAC057E
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_$Constant$Object$String$Dict_$BuildErr_FromList_Mem_Value$AppendCapsule_DeallocDefaultDescr_ExceptionFreeInternMallocMemoryModuleSpecStateType_Unicode_
                                                                                                                                                                                                        • String ID: (iii)$EXPAT_VERSION$ExpatError$UTF-8$XMLParserType$XML_PARAM_ENTITY_PARSING_ALWAYS$XML_PARAM_ENTITY_PARSING_NEVER$XML_PARAM_ENTITY_PARSING_UNLESS_STANDALONE$error$expat_2.5.0$expat_CAPI$native_encoding$pyexpat.expat_CAPI$pyexpat.expat_CAPI 1.1$read$version_info$xml.parsers.expat.ExpatError
                                                                                                                                                                                                        • API String ID: 774421988-1039362492
                                                                                                                                                                                                        • Opcode ID: 51c393496a7acfa9ff588f5efa1f20cde9990ad107e47195fd0ddc373e5ffba9
                                                                                                                                                                                                        • Instruction ID: de463a844c154da68cae35ef8282a9b4d2c1d8d23dc853ce92591fcf06456558
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51c393496a7acfa9ff588f5efa1f20cde9990ad107e47195fd0ddc373e5ffba9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1AA1BBF5A29F0296EA548B32EA501A533A6FF45BA4F44E235CA5D42770EF3CF154C340
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocDecodeUnicode_$CallDict_Err_ItemObject_Occurred$BuildErrorList_Tuple_ValueWith
                                                                                                                                                                                                        • String ID: (NN)$CharacterData$D:\a\1\s\Modules\pyexpat.c$StartElement$strict
                                                                                                                                                                                                        • API String ID: 3905521383-2450736762
                                                                                                                                                                                                        • Opcode ID: 3ce352c585c694670317bb4a0414cbcac0e9e4d346b7b6d1651fff0df484f798
                                                                                                                                                                                                        • Instruction ID: b3c1004eb700fa0c48b6505413aceb57baa24d531e0aec13d8ad589626840a48
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ce352c585c694670317bb4a0414cbcac0e9e4d346b7b6d1651fff0df484f798
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7CF18DB1A29F0286EA658F31D55827963A2FF45BB4F08E230DA9E467B0DF3CE545C340
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_Object_SizeUnicode_$ArgumentDict_Err_KeywordsMallocMem_Module_StateStringTrackUnpack
                                                                                                                                                                                                        • String ID: ParserCreate$XML_ParserCreate failed$argument 'encoding'$argument 'namespace_separator'$embedded null character$intern must be a dictionary$namespace_separator must be at most one character, omitted, or None$str or None
                                                                                                                                                                                                        • API String ID: 2842625026-809047262
                                                                                                                                                                                                        • Opcode ID: a8006b2c80ad8eb603a4d3491ae5d0711fcf2d1c4f415fcfcbaee31e26f8d684
                                                                                                                                                                                                        • Instruction ID: 91564047bf17f01172d775420f598c5815bb759e4a22db2ad1c83d8ce4c19a0e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a8006b2c80ad8eb603a4d3491ae5d0711fcf2d1c4f415fcfcbaee31e26f8d684
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78D17DB2A29F4292EA658B35D54067867A6FF45BB4F44E236E92D437B0EF3CE445C300
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$CallDecodeDict_Err_ItemObject_OccurredUnicode_$BuildErrorTraceback_Tuple_ValueWith
                                                                                                                                                                                                        • String ID: (N)$CharacterData$D:\a\1\s\Modules\pyexpat.c$EndElement$strict
                                                                                                                                                                                                        • API String ID: 2795322658-1455353876
                                                                                                                                                                                                        • Opcode ID: 554d2ca7e76977abd7cb791ad865b57fd3935b8a54646c12cc10b4cdcb776d4e
                                                                                                                                                                                                        • Instruction ID: 9af72896b5b9de545b58283da2d5bceb990828df8566f780d66d14508f0e42e5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 554d2ca7e76977abd7cb791ad865b57fd3935b8a54646c12cc10b4cdcb776d4e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8A15DB1A29F4286EA658F31E96427867A2FF44BB1F08E235CA5E46774DF3CE445C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB151C: strrchr.VCRUNTIME140(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB153E
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB151C: PyModule_New.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB154A
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB151C: PyUnicode_FromString.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB155B
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB151C: _PyImport_SetModule.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1573
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB151C: PyModule_AddObject.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB159A
                                                                                                                                                                                                        • PyModule_AddStringConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB15F9
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB1615
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB1631
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB164D
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB1669
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB1685
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB16A1
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB16B8
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB16D0
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB16E8
                                                                                                                                                                                                        • PyModule_AddIntConstant.PYTHON312(?,?,00000000,00007FFB1BAB1193), ref: 00007FFB1BAB1700
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_$Constant$String$FromImport_ModuleObjectUnicode_strrchr
                                                                                                                                                                                                        • String ID: Constants used to interpret content model information.$XML_CQUANT_NONE$XML_CQUANT_OPT$XML_CQUANT_PLUS$XML_CQUANT_REP$XML_CTYPE_ANY$XML_CTYPE_CHOICE$XML_CTYPE_EMPTY$XML_CTYPE_MIXED$XML_CTYPE_NAME$XML_CTYPE_SEQ$__doc__$pyexpat.model
                                                                                                                                                                                                        • API String ID: 3546453425-788580754
                                                                                                                                                                                                        • Opcode ID: f47f4e69797468af7a4f5b7c921a7462173fbd1a0250fc45a4e7a85105aabbd2
                                                                                                                                                                                                        • Instruction ID: 2e99de46b0c6aa10241b50d01ca5ebc2aeefebb43e652a6e388b8ec910005d45
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f47f4e69797468af7a4f5b7c921a7462173fbd1a0250fc45a4e7a85105aabbd2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB3132A4B38F0292E7108F32E9406646367BF44FB5B84E335C92986574EF2DF54DD610
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Buffer_$Arg_BufferContiguousObject_Release$ArgumentErr_KeywordsLongLong_OccurredSizeUnicode_Unpack
                                                                                                                                                                                                        • String ID: argument 'hash_name'$argument 'password'$argument 'salt'$contiguous buffer$embedded null character$pbkdf2_hmac$str
                                                                                                                                                                                                        • API String ID: 448224016-2023054051
                                                                                                                                                                                                        • Opcode ID: f967922ea29c87b2c9c1a49ac8adb7071f328b28c174bf3f005123463617cf26
                                                                                                                                                                                                        • Instruction ID: 11e9a5b74ed3adb8171192e94712eb6283e25842b6c52aa09bcf5b5a0b7130bb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f967922ea29c87b2c9c1a49ac8adb7071f328b28c174bf3f005123463617cf26
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC812FAAA08F82C5EA31CF31F8443BA6366FB957A4F40A235D98D47A64DF3CE555C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623744061.00007FFB0B7C0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623763458.00007FFB0B842000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623862928.00007FFB0B86C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B871000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B877000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: O_printfO_puts$O_indentX509$M_write_bio_X509_freeX509_print_exd2i_
                                                                                                                                                                                                        • String ID: ------details-----$------------------$<TRAILING GARBAGE AFTER CERTIFICATE>$<UNPARSEABLE CERTIFICATE>$ASN.1Cert, length=%d$certificate_list, length=%d$context
                                                                                                                                                                                                        • API String ID: 1298273312-331119655
                                                                                                                                                                                                        • Opcode ID: a6e9cd816b3a50e8b379d966f387581ab152df8ab3f3cef6b7569515ae4a651b
                                                                                                                                                                                                        • Instruction ID: 46a8ed4a9ff9b3869493e222dba5c9d39b5b3799031db7a58116ff2ff1a8a3c9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6e9cd816b3a50e8b379d966f387581ab152df8ab3f3cef6b7569515ae4a651b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B61D5A270878285EA50CB35E444EA9B791FB84BD0F588135DE9E87BB5DF3CE540CB04
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_Bool_CheckFromLongPositional
                                                                                                                                                                                                        • String ID: Buffer must be single dimension$compare_digest$comparing strings with non-ASCII characters is not supported$unsupported operand types(s) or combination of types: '%.100s' and '%.100s'
                                                                                                                                                                                                        • API String ID: 2366872897-2538118963
                                                                                                                                                                                                        • Opcode ID: edebca3cb4f41218c316185370896cf6ef0e78ad2586e94875dc5a307ff22e01
                                                                                                                                                                                                        • Instruction ID: 2c04df60e4a91ad2c7442e9ccd8ff147b469aefb2674cbed979f4cd0c288f5fb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: edebca3cb4f41218c316185370896cf6ef0e78ad2586e94875dc5a307ff22e01
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 995141E9B08E46C2EB308B36F85577B2362FB45BA4F58A031DA4E47AB4DE2CD445C750
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623744061.00007FFB0B7C0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623763458.00007FFB0B842000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623862928.00007FFB0B86C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B871000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B877000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: DSA$RSA$gfffffff
                                                                                                                                                                                                        • API String ID: 0-2263753174
                                                                                                                                                                                                        • Opcode ID: de93300cda38d9fab00c6d2ac7951e5a915e570a899abb6ed72b62b95e554886
                                                                                                                                                                                                        • Instruction ID: 00a48c5a618b3b72205bbcf5f01cbb3f05356909cb18d078f8832ee0a7203955
                                                                                                                                                                                                        • Opcode Fuzzy Hash: de93300cda38d9fab00c6d2ac7951e5a915e570a899abb6ed72b62b95e554886
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30D1AEA2A0C78385FA688A36D550FBA2295BF44BC8F148135ED0FD77F6DE3CE9418605
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Buffer_Release$BufferDigestErr_Eval_Object_StringThreadUpdate$CheckRestoreSaveThread_acquire_lockThread_allocate_lockThread_release_lock
                                                                                                                                                                                                        • String ID: Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_String$Eval_Thread$Bytes_D_freeD_get_sizeD_up_refDeallocFromLongLong_Module_OccurredPy_hashtable_getRestoreSaveSizeState
                                                                                                                                                                                                        • String ID: iteration value must be greater than 0.$key length must be greater than 0.$password is too long.$salt is too long.
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BufferBuffer_Err_Eval_Object_ReleaseStringThreadUpdate$CheckRestoreSaveThread_acquire_lockThread_allocate_lockThread_release_lock
                                                                                                                                                                                                        • String ID: Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: R_newR_set_debug$L_sk_valueR_clear_errorX509_get0_pubkey
                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$tls_post_process_server_certificate
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_$DeallocDict_String$AttrDictFromItemObjectObject_Proxy_StateUnicode_strncmp
                                                                                                                                                                                                        • String ID: _constructors$openssl_
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Object_memcpy$Arg_BufferBuffer_Err_FromKeywordsLongLong_ModuleOccurredReleaseSizeStateTrueType_Unicode_Unpack
                                                                                                                                                                                                        • String ID: )$)$utf-8$xml=http://www.w3.org/XML/1998/namespace
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7EC4F45E4,00000000,00007FF7EC4F1985), ref: 00007FF7EC4F9439
                                                                                                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7EC4F88A7,?,?,00000000,00007FF7EC4F3CBB), ref: 00007FF7EC4F821C
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F2810: MessageBoxW.USER32 ref: 00007FF7EC4F28EA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                        • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                        • API String ID: 1662231829-930877121
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EVP_MD_get_size.LIBCRYPTO-3(?,0000077C,?,?,00007FFB0B800FE3), ref: 00007FFB0B7FEC92
                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,0000077C,?,?,00007FFB0B800FE3), ref: 00007FFB0B7FEC9B
                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,0000077C,?,?,00007FFB0B800FE3), ref: 00007FFB0B7FECB3
                                                                                                                                                                                                        • EVP_CipherInit_ex.LIBCRYPTO-3(?,0000077C,?,?,00007FFB0B800FE3), ref: 00007FFB0B7FEE98
                                                                                                                                                                                                        • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-3(?,0000077C,?,?,00007FFB0B800FE3), ref: 00007FFB0B7FEEAD
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CipherD_get_sizeInit_exR_newR_set_debugX_ctrl
                                                                                                                                                                                                        • String ID: ..\s\ssl\tls13_enc.c$derive_secret_key_and_iv$key
                                                                                                                                                                                                        • API String ID: 2359698082-1803617066
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                        • API String ID: 2050909247-1550345328
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Buffer_$Arg_$ArgumentBufferContiguousObject_Release$KeywordsUnpack
                                                                                                                                                                                                        • String ID: argument 'key'$argument 'msg'$contiguous buffer$hmac_digest
                                                                                                                                                                                                        • API String ID: 3345984100-3409375717
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_$Format$R_clear_errorR_func_error_stringR_lib_error_stringR_peek_last_errorR_reason_error_stringString
                                                                                                                                                                                                        • String ID: [%s: %s] %s$[%s] %s$no reason supplied
                                                                                                                                                                                                        • API String ID: 748225740-1501659929
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _errno$getenvstrtoul
                                                                                                                                                                                                        • String ID: EXPAT_ACCOUNTING_DEBUG$EXPAT_ENTITY_DEBUG
                                                                                                                                                                                                        • API String ID: 1872403029-3277422050
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_String$Module_State
                                                                                                                                                                                                        • String ID: Missing required parameter 'digestmod'.$key is too long.
                                                                                                                                                                                                        • API String ID: 450183790-3184708805
                                                                                                                                                                                                        • Opcode ID: d7d6cee0bc4d4f90b71a20fb6c4b64fe5d9fd5e6740365a23fd47b4efcc90926
                                                                                                                                                                                                        • Instruction ID: 1bf1df9de9c9c124dc9eadff9aa30930dc20737415ce4380d4a7cc679b34faec
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7d6cee0bc4d4f90b71a20fb6c4b64fe5d9fd5e6740365a23fd47b4efcc90926
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F41C9A9A08E42C1EA249F32F85437A63A2FF94FA4F58A431DD0E47F74DE6CE5058300
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB151C: strrchr.VCRUNTIME140(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB153E
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB151C: PyModule_New.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB154A
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB151C: PyUnicode_FromString.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB155B
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB151C: _PyImport_SetModule.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1573
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB151C: PyModule_AddObject.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB159A
                                                                                                                                                                                                        • PyDict_New.PYTHON312(?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1C01
                                                                                                                                                                                                        • PyDict_New.PYTHON312(?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1C13
                                                                                                                                                                                                        • PyModule_AddStringConstant.PYTHON312(?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1C6C
                                                                                                                                                                                                        • PyModule_AddObjectRef.PYTHON312(?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAC0E97
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB1CD4: PyModule_AddStringConstant.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1D2A
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB1CD4: PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1D3A
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB1CD4: PyDict_SetItemString.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1D51
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB1CD4: PyUnicode_FromString.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1D62
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BAB1CD4: PyDict_SetItem.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1D7D
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312(?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAC0EE6
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312(?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAC0F0B
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_String$Dict_$From$ConstantDeallocItemObjectUnicode_$Import_LongLong_Modulestrrchr
                                                                                                                                                                                                        • String ID: Constants used to describe error conditions.$__doc__$codes$messages$pyexpat.errors
                                                                                                                                                                                                        • API String ID: 22755458-1115447882
                                                                                                                                                                                                        • Opcode ID: 3ec2ee7fddb1b4482ee5d5c424c0a5a23e3c77927313c96c8691d26e8aece8ad
                                                                                                                                                                                                        • Instruction ID: b5c958b75f3fb2612c2a68aa87fe5d4e76ba4201fa5e8dc42d69f860798f57d9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ec2ee7fddb1b4482ee5d5c424c0a5a23e3c77927313c96c8691d26e8aece8ad
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70314FA1A78F5281E6255B37DA0027862A6AF4ABB0F48E731DD2D963B4DF3CF541C340
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623310302.00007FFB0B660000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B665000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B6C2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B70E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B712000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B717000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B76F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623528885.00007FFB0B772000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623548443.00007FFB0B774000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CompareUnicode_$DeallocStringWith
                                                                                                                                                                                                        • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                        • API String ID: 1004266020-3528878251
                                                                                                                                                                                                        • Opcode ID: af26892aff1d8045e963e496d2751d5e301b46a530bc7b3c9d9d9e4ca357d1c9
                                                                                                                                                                                                        • Instruction ID: 0cdeb2436d19b59e22407ee201de524fdb49028a6c5a502c8471853be5bdf40f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: af26892aff1d8045e963e496d2751d5e301b46a530bc7b3c9d9d9e4ca357d1c9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3412FA1A086478AEA148B35ECA0B75E3A1BB57B85F54813DE94FC7774DF2DE4448300
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623310302.00007FFB0B660000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B665000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B6C2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B70E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B712000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B717000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B76F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623528885.00007FFB0B772000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623548443.00007FFB0B774000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_$DeallocObjectObject_$ConstantFromSpecStringTrackTypeType_
                                                                                                                                                                                                        • String ID: 15.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                        • API String ID: 2663085338-4141011787
                                                                                                                                                                                                        • Opcode ID: 13d2541d63d5590277e7306063f0ab8f10eec6f80969a73a59eba5495f8f2869
                                                                                                                                                                                                        • Instruction ID: 21e784c96820842bc693552aa1db0314561ffe21d8ff121025a9708153751ff2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 13d2541d63d5590277e7306063f0ab8f10eec6f80969a73a59eba5495f8f2869
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39313EA1E086438EF7255B35DC35A78E2A0AF5BB80F44D039E90FC66B5DF2DE4458310
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Eval_ThreadThread_acquire_lock$Bytes_D_get_sizeDigestErr_FinalFromMemoryRestoreSaveSizeStringThread_release_lockX_copyX_freeX_get0_mdX_new
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3454437874-0
                                                                                                                                                                                                        • Opcode ID: 5af0e09a25c5713230ee3d1889dc38e2ab6d499660ce2b9bfbac1a6d02f6bb4d
                                                                                                                                                                                                        • Instruction ID: f32716d342c7a3dc84b4702fcdabc5ac63e9d92321f6c5f0c0f6272a1972e59b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5af0e09a25c5713230ee3d1889dc38e2ab6d499660ce2b9bfbac1a6d02f6bb4d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A131ECE9A08E42C5EA309B32F45437B6366FF89BA0F14A431DD4E47B75DE3CE4458640
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Eval_ThreadThread_acquire_lock$D_get_sizeDigestErr_FinalMemoryPy_strhexRestoreSaveThread_release_lockX_copyX_freeX_get0_mdX_new
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2571855718-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Mem_$Free$X_free$Err_Memory$DigestFinalMallocPy_strhexX_copyX_new
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 422439089-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                        • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                        • API String ID: 1723213316-3528878251
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BuildCallDeallocDecodeErr_Object_OccurredTraceback_Unicode_Value
                                                                                                                                                                                                        • String ID: (N)$D:\a\1\s\Modules\pyexpat.c$DefaultHandlerExpand$strict
                                                                                                                                                                                                        • API String ID: 3946318258-433660676
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                        • String ID: $%04X$a unicode character$argument$decomposition
                                                                                                                                                                                                        • API String ID: 1318908108-4056541097
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_SizeUnicode_$ArgumentErr_KeywordsStringUnpack
                                                                                                                                                                                                        • String ID: ExternalEntityParserCreate$argument 1$argument 2$embedded null character$str$str or None
                                                                                                                                                                                                        • API String ID: 542819765-2847936699
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: O_ctrlO_int_ctrlO_method_typeO_newO_s_socketO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_set_wfd
                                                                                                                                                                                                        • API String ID: 475579866-2547745303
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: __acrt_iob_func$__stdio_common_vfprintf
                                                                                                                                                                                                        • String ID: (+%6I64d bytes %s|%d, xmlparse.c:%d) %*s"$DIR$EXP$[..]
                                                                                                                                                                                                        • API String ID: 2815179470-1851131210
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$CallDecodeObject_Traceback_Tuple_Unicode_
                                                                                                                                                                                                        • String ID: CharacterData$D:\a\1\s\Modules\pyexpat.c$strict
                                                                                                                                                                                                        • API String ID: 1267065021-205442349
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                        • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                        • API String ID: 3975851968-2863640275
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627179287.00007FFB1BA61000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BA60000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2626311044.00007FFB18B71000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFB18B70000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626283956.00007FFB18B70000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626331484.00007FFB18B73000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626352460.00007FFB18B74000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626372506.00007FFB18B75000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb18b70000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                        • Opcode ID: 13216a91d280a0ad17bb93d9638d94c9aa7988d3a2199bea0cdda77358a17c13
                                                                                                                                                                                                        • Instruction ID: 20f89d8467a82d9c50de71ebacc48791615ca54a5c79703bbb891301ae04bb10
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 13216a91d280a0ad17bb93d9638d94c9aa7988d3a2199bea0cdda77358a17c13
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6817BE9E18F4386FB70AB75D4412BB22A3BF457A0F444035D94D47BD6DE3EE4068628
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623310302.00007FFB0B660000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B665000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B6C2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B70E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B712000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B717000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B76F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623528885.00007FFB0B772000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623548443.00007FFB0B774000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                        • Opcode ID: ba629577db6599826cb9fb44cf19b8c727e776d8ab71a1e0ce86f35fe3adb7c8
                                                                                                                                                                                                        • Instruction ID: b0dbb12593b408cc2950b610b21b01f9c8fdee8c70464da3c90192f7d68739ec
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba629577db6599826cb9fb44cf19b8c727e776d8ab71a1e0ce86f35fe3adb7c8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64816CA1E082474EF7549B76DC61A79A690AF97780F54C13DFA0FC73B6DE2CE8498600
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2628984984.00007FFB22651000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB22650000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2628960612.00007FFB22650000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2629011308.00007FFB22656000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2629036819.00007FFB22659000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb22650000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                        • Opcode ID: 41c1564c9b53542f78ee4fe0cba140d0622bb491acb40784f16a44f8e3da4176
                                                                                                                                                                                                        • Instruction ID: 63c32eedbc69d38fe8858e5e8ed1819807cdf0416cea275ed0de6a238dd6c9db
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 41c1564c9b53542f78ee4fe0cba140d0622bb491acb40784f16a44f8e3da4176
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6581CDA3E2C6C386FA539F79DC852792290BF85780F444075E90DE7B96DEBCE4618700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2626635221.00007FFB1AB11000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB1AB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626603475.00007FFB1AB10000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626660804.00007FFB1AB14000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626681960.00007FFB1AB15000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626712116.00007FFB1AB16000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1ab10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                        • Opcode ID: d8b20e02c901b865873e7091ce4e44ae4228cf79fcdaf74b4f9438ea969cd35b
                                                                                                                                                                                                        • Instruction ID: 663fcf69a914aeb412f3c8fed2322ac9d9b471e0289e0926ace36bb23d6af1e5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d8b20e02c901b865873e7091ce4e44ae4228cf79fcdaf74b4f9438ea969cd35b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74817AE8E08BC3C5E6709B75F4403BB6E9AAF557A0F5441BBDA0C87696DE2CF4028600
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627297181.00007FFB1BA71000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFB1BA70000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627273930.00007FFB1BA70000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627323875.00007FFB1BA73000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627346453.00007FFB1BA75000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1ba70000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                        • Opcode ID: 4f5290068470706af306daab517f58543be73385f34af613a25d9ec276a3a886
                                                                                                                                                                                                        • Instruction ID: 5a9ac10e52460ec81308d497db90c4407b3aadb1a59a859d9d8bee472cf1b881
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f5290068470706af306daab517f58543be73385f34af613a25d9ec276a3a886
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57816EA1E3CA4346FA509B77D4422B962D7AF457A0F44E236D90C877B6DE3EF4468700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2626415246.00007FFB18B81000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFB18B80000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626393507.00007FFB18B80000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626438449.00007FFB18B83000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626459172.00007FFB18B85000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb18b80000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                        • Opcode ID: 2e347b0b31fdc3b33f3650616a24c4580738b1cdf7c2697dd32cd46ce7f28e42
                                                                                                                                                                                                        • Instruction ID: 7c62dc2a502ae43468935bd5d5c24de153191a7ce266693557528202e7ed2d05
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2e347b0b31fdc3b33f3650616a24c4580738b1cdf7c2697dd32cd46ce7f28e42
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B08170E9E0AE4346F770AB75F4412BB1292BF4FBA0F744435D94D83796EE2EE4018608
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2625722486.00007FFB167E1000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFB167E0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2625701520.00007FFB167E0000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2625745368.00007FFB167E6000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2625766971.00007FFB167EB000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb167e0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                        • Opcode ID: 3667c9311effcda5bebfcd6f0c463b07b4ccdab133b9d1969c09bf43b1d98b8c
                                                                                                                                                                                                        • Instruction ID: 520759043a00ff04216dd7784423a2654467187ebbf4b3eb717bfed6bb1a7d04
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3667c9311effcda5bebfcd6f0c463b07b4ccdab133b9d1969c09bf43b1d98b8c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94818EE1E18E4386F650ABB5F8722F92293AF557A2F448135DD0C87796DE3CE84D8702
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                        • API String ID: 193678381-552286378
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627179287.00007FFB1BA61000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BA60000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1ba60000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _wassertmemcpy$memmove
                                                                                                                                                                                                        • String ID: (direction == DirEncrypt) || (direction == DirDecrypt)$cfbState->usedKeyStream <= segment_len$src/raw_cfb.c$src/raw_cfb.c
                                                                                                                                                                                                        • API String ID: 710767724-3209691050
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyErr_Occurred.PYTHON312 ref: 00007FFB1BABA5B7
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyUnicode_DecodeUTF8.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6B3
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_GetItemWithError.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6D6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyErr_Occurred.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6E4
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_SetItem.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6FD
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: _Py_Dealloc.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA735
                                                                                                                                                                                                        • Py_BuildValue.PYTHON312 ref: 00007FFB1BABA5FC
                                                                                                                                                                                                        • PyObject_Call.PYTHON312 ref: 00007FFB1BABA61F
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BABA646
                                                                                                                                                                                                        • _PyTraceback_Add.PYTHON312 ref: 00007FFB1BAC4C8E
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocDict_Err_ItemOccurred$BuildCallDecodeErrorObject_Traceback_Unicode_ValueWith
                                                                                                                                                                                                        • String ID: (NN)$D:\a\1\s\Modules\pyexpat.c$StartNamespaceDecl
                                                                                                                                                                                                        • API String ID: 584796399-2703805572
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CallDeallocErr_FormatFromObjectObject_Unicode_
                                                                                                                                                                                                        • String ID: %s: line %i, column %i$code$lineno$offset
                                                                                                                                                                                                        • API String ID: 3949272335-733642575
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • read() did not return a bytes object (type=%.400s), xrefs: 00007FFB1BAC9B9F
                                                                                                                                                                                                        • read() returned too much data: %i bytes requested, %zd returned, xrefs: 00007FFB1BAC9BEC
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocErr_Format$CallFunctionObject_SubtypeType_memcpy
                                                                                                                                                                                                        • String ID: read() did not return a bytes object (type=%.400s)$read() returned too much data: %i bytes requested, %zd returned
                                                                                                                                                                                                        • API String ID: 3745068949-2560037398
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_$ArgumentCheckDigitErr_FromLongLong_PositionalStringUnicode_
                                                                                                                                                                                                        • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                        • API String ID: 4245020737-4278345224
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_$Mem_$FreeLongLong_MallocMemoryOccurredString
                                                                                                                                                                                                        • String ID: Cannot delete attribute$buffer_size must be an integer$buffer_size must be greater than zero
                                                                                                                                                                                                        • API String ID: 2113995896-4286141126
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocX_free$Bytes_DigestErr_FinalFromMemorySizeStringX_copyX_new
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3259613670-0
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: -$:$f$p$p
                                                                                                                                                                                                        • API String ID: 3215553584-2013873522
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: f$f$p$p$f
                                                                                                                                                                                                        • API String ID: 3215553584-1325933183
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                        • API String ID: 2050909247-3659356012
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetTempPathW.KERNEL32(?,?,00000000,00007FF7EC4F3CBB), ref: 00007FF7EC4F88F4
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00007FF7EC4F3CBB), ref: 00007FF7EC4F88FA
                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,00007FF7EC4F3CBB), ref: 00007FF7EC4F893C
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8A20: GetEnvironmentVariableW.KERNEL32(00007FF7EC4F388E), ref: 00007FF7EC4F8A57
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7EC4F8A79
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC5082A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC5082C1
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F2810: MessageBoxW.USER32 ref: 00007FF7EC4F28EA
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                        • API String ID: 3563477958-1339014028
                                                                                                                                                                                                        • Opcode ID: 6ea14b1c2d16789ddeaa0d8cc05df9935aa6d91fa7ad17376743f3d33dced37a
                                                                                                                                                                                                        • Instruction ID: 4da0bb27779f692da0850050394f9b82dda0bac95829d43a9b5824828dd05d42
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ea14b1c2d16789ddeaa0d8cc05df9935aa6d91fa7ad17376743f3d33dced37a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E41D319A08B8250FA21FB21A8557F99794AF877C8FD01133DD0D4B396EE3CD519C322
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_Buffer_$ArgumentBufferContiguousKeywordsObject_ReleaseUnpack
                                                                                                                                                                                                        • String ID: argument 'key'$contiguous buffer$hmac_new
                                                                                                                                                                                                        • API String ID: 3699177490-206859838
                                                                                                                                                                                                        • Opcode ID: 92e01fe3e239f4baa3d1c53ddd7dbdb339a66e29b334e2e7005b17129088b70e
                                                                                                                                                                                                        • Instruction ID: 98f04298d34c6d9ad5c12e9206e7ff676c6e3607fdc93fdbd2f3374a3aebb796
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92e01fe3e239f4baa3d1c53ddd7dbdb339a66e29b334e2e7005b17129088b70e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 114192A6A19F82C1EA708F61F4803AAA362FB457A4F48A136DE4D07A65DF7CE545C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$Err_$AttrLookupModuleObject_OccurredStateStringType_
                                                                                                                                                                                                        • String ID: argument must have 'read' attribute
                                                                                                                                                                                                        • API String ID: 2477349089-3754724333
                                                                                                                                                                                                        • Opcode ID: 392e55b7b07e6a1d74904d220fe4e06a02d52e1d855643be9813dcf36cefdb2d
                                                                                                                                                                                                        • Instruction ID: ff709c20db29cb3379162b9ab04e61e78649047b314e3a1bfab974d0c7b35da0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 392e55b7b07e6a1d74904d220fe4e06a02d52e1d855643be9813dcf36cefdb2d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47414CB5A2AF0285FA169F36D45437963A2EF89FB4F54A231DA0D87670DE2DE4818700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: D_fetch$D_up_refModule_Py_hashtable_getState
                                                                                                                                                                                                        • String ID: -fips$unsupported hash type %s
                                                                                                                                                                                                        • API String ID: 1568902971-2522765902
                                                                                                                                                                                                        • Opcode ID: 21af0e8b8b37a6e6624241b46ef36009497d665bd416e3addeca79131f843395
                                                                                                                                                                                                        • Instruction ID: 7c89692dfb82bce945cd138e70c2f910917e2e8911df0b54f533d766be09e9bd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21af0e8b8b37a6e6624241b46ef36009497d665bd416e3addeca79131f843395
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF314EE9A09F42C5EA754B36F49437F62A2FF49BA0B18A035DE0D07F74DE2DE5418240
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_$Eval_FormatStringThread$Bytes_D_freeFromModule_OccurredR_peek_last_errorRestoreSaveSizeState
                                                                                                                                                                                                        • String ID: key is too long.$msg is too long.
                                                                                                                                                                                                        • API String ID: 915225383-4266787399
                                                                                                                                                                                                        • Opcode ID: 2f65d5f196eb312671ef98f85f32574b64a8082b6d2e0e519788a439bb9ca827
                                                                                                                                                                                                        • Instruction ID: 43750a67fe991aa5d021845d9d936c2990c9947c9544663678c72c83ee0c8a1b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f65d5f196eb312671ef98f85f32574b64a8082b6d2e0e519788a439bb9ca827
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C73110A6A18F81C6E620CB21F44437A6362FB89BA4F54A235DD4D47F64DF3CD155C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623744061.00007FFB0B7C0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623763458.00007FFB0B842000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623862928.00007FFB0B86C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B871000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B877000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                        • String ID: ..\s\ssl\tls_depr.c$SSL_CTX_set_client_cert_engine
                                                                                                                                                                                                        • API String ID: 1552677711-2801407537
                                                                                                                                                                                                        • Opcode ID: dd8926da48fe554bf7bef03d4ee45b681770d80b6e123e6bbc4578b5fef0e44d
                                                                                                                                                                                                        • Instruction ID: 17b27209e3284a036eb0b591ee7139cd75f758e603219abf43c931bb3989b7d6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd8926da48fe554bf7bef03d4ee45b681770d80b6e123e6bbc4578b5fef0e44d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3113092B2834242EB89E775E941EB92251EF487C4F949031F90ED2AB7EE2CE5509A00
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_ArgumentErr_SizeStringUnicode_
                                                                                                                                                                                                        • String ID: SetBase$argument$embedded null character$str
                                                                                                                                                                                                        • API String ID: 4155279725-2697211746
                                                                                                                                                                                                        • Opcode ID: 117c717091aa7093de70094572ce0667172ab9862ce5ab9aeb70db720a44490a
                                                                                                                                                                                                        • Instruction ID: 4283ac7128a8c2e774dc18eee2534a98218d39d7936f3186e8f9cdf6f426d8e5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 117c717091aa7093de70094572ce0667172ab9862ce5ab9aeb70db720a44490a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD213EA1B28F8291EA558B36E45027D63A2BF48BB0F44E335DA6E473B4DE2CE454C301
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
• Associated: 00000002.00000002.2623744061.00007FFB0B7C0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2623763458.00007FFB0B842000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2623862928.00007FFB0B86C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2623882257.00007FFB0B871000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2623882257.00007FFB0B877000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: R_newR_set_debug$R_set_error$Y_freeY_get_security_bits
                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                        • API String ID: 3247900180-780421027
                                                                                                                                                                                                        • Opcode ID: 3080496033423c14b35dd283f7f5fa62782183a524f3f840e6e276bcf112f778
                                                                                                                                                                                                        • Instruction ID: a6e2f822103895bfebb1203fd7edd4cf49cb7f84c38287dc66e1336873489561
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3080496033423c14b35dd283f7f5fa62782183a524f3f840e6e276bcf112f778
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F0180D2F1D34259FAA4A736EA41EBE2241EF547C4F848039D90FD6AF7DE2CE5818601
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                        • API String ID: 849930591-393685449
                                                                                                                                                                                                        • Opcode ID: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                        • Instruction ID: 605b87cde9a34c5f97df16cd71460f891624407db5ad5500d10dff8664f2a9bb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82D1812690878186EB20EF25D4403ADABA4FB4678DF502136EE4D57B95DF38E064C722
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF7EC50F11A,?,?,0000020F93FD8B18,00007FF7EC50ADC3,?,?,?,00007FF7EC50ACBA,?,?,?,00007FF7EC505FAE), ref: 00007FF7EC50EEFC
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF7EC50F11A,?,?,0000020F93FD8B18,00007FF7EC50ADC3,?,?,?,00007FF7EC50ACBA,?,?,?,00007FF7EC505FAE), ref: 00007FF7EC50EF08
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                        • API String ID: 3013587201-537541572
                                                                                                                                                                                                        • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                        • Instruction ID: 2297ada27a272a3d3b5b31b59bc1d02564e66ab5e465fc87718be5af51feee6b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3414529B18A0242FA16EB129805775A3A5BF48B94FF8413BDD5D87384EE7CE405C326
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7EC4F3706,?,00007FF7EC4F3804), ref: 00007FF7EC4F2C9E
                                                                                                                                                                                                        • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7EC4F3706,?,00007FF7EC4F3804), ref: 00007FF7EC4F2D63
                                                                                                                                                                                                        • MessageBoxW.USER32 ref: 00007FF7EC4F2D99
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                        • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                        • API String ID: 3940978338-251083826
                                                                                                                                                                                                        • Opcode ID: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                        • Instruction ID: 75c899662008375250c94876fc028b98e53e6cc83979677391d600d11a916fa1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4231F87A708A8142F620BB21A8047ABA695BF897DCF900137EF4D93759EF3CD51AC311
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyErr_Occurred.PYTHON312 ref: 00007FFB1BAC8AA1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyUnicode_DecodeUTF8.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6B3
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_GetItemWithError.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6D6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyErr_Occurred.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6E4
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_SetItem.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6FD
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: _Py_Dealloc.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA735
                                                                                                                                                                                                        • Py_BuildValue.PYTHON312 ref: 00007FFB1BAC8B07
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABB998: PyObject_Call.PYTHON312 ref: 00007FFB1BABB9B8
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC8B56
                                                                                                                                                                                                        • PyLong_AsLong.PYTHON312 ref: 00007FFB1BAC8B64
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC8B7A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
• Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$Dict_Err_ItemOccurred$BuildCallDecodeErrorLongLong_Object_Unicode_ValueWith
                                                                                                                                                                                                        • String ID: (O&NNN)$ExternalEntityRef
                                                                                                                                                                                                        • API String ID: 1931057526-2495634347
                                                                                                                                                                                                        • Opcode ID: f644d59a449755ad53eea0be8c066e74df9d5646f5ca59b7fae65efc6068dc13
                                                                                                                                                                                                        • Instruction ID: 60e86e68d2db432d8f9d258b002332085bff30e3c61bd7c22873167bb631c732
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f644d59a449755ad53eea0be8c066e74df9d5646f5ca59b7fae65efc6068dc13
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC315EB1A28F0282EA109F32D914279A7A6BB44FF1F08A235DA4D47B75DF3CE1428340
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocErr_$DecodeOccurredStringUnicode_
                                                                                                                                                                                                        • String ID: multi-byte encodings are not supported$replace
                                                                                                                                                                                                        • API String ID: 2771326594-2045899619
                                                                                                                                                                                                        • Opcode ID: 7c9df5313c6166fdc56dd70bfe3baf1ed628644891bcdbd412957f1f5700911b
                                                                                                                                                                                                        • Instruction ID: f2a54c43e6e03a64566328503ab024091802b14c85c980e09d6bf42fad4bd683
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c9df5313c6166fdc56dd70bfe3baf1ed628644891bcdbd412957f1f5700911b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 993163B1B28B5692EA648B31E91437823A6FB45BA1F04E235DA6D477A0CF3DE941C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dict_Item$DeallocDecodeErr_ErrorOccurredUnicode_With
                                                                                                                                                                                                        • String ID: strict
                                                                                                                                                                                                        • API String ID: 3144736171-2947452218
                                                                                                                                                                                                        • Opcode ID: 0ad87e13cd6d6bc5e5838264ad404c3cd7b45d0055a098df89416ae46db0d7e3
                                                                                                                                                                                                        • Instruction ID: acb705b278ba307745f519de48ae5e0e7af284c13f09947a0f9ceb8789fa066f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ad87e13cd6d6bc5e5838264ad404c3cd7b45d0055a098df89416ae46db0d7e3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B32123B5A2CF4281EA558B31E91427463A2FF49BB1F08B331D92E867B4DF3CE4818700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocList_$AppendBuildModule_ObjectValue
                                                                                                                                                                                                        • String ID: features
                                                                                                                                                                                                        • API String ID: 2094461166-3217087507
                                                                                                                                                                                                        • Opcode ID: d9baa83fa803ead0b3c70fcf3af62d8130f9f4595fb1e4232ae5dba27b02c81e
                                                                                                                                                                                                        • Instruction ID: 10cc2f0a5b33b1beb1906bfa57a81500902ed46dd47bbc61e7b91a7d865223cd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9baa83fa803ead0b3c70fcf3af62d8130f9f4595fb1e4232ae5dba27b02c81e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1D2110B2A3CF0386E6644B32E94423966A2FB45BB1F44E235D95D82674EF3DE541C710
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623744061.00007FFB0B7C0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623763458.00007FFB0B842000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623862928.00007FFB0B86C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B871000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B877000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_errorY_freeY_up_ref
                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c$ssl_set_pkey
                                                                                                                                                                                                        • API String ID: 4194652714-507513155
                                                                                                                                                                                                        • Opcode ID: 39f4fb155c2929f564d4ecb20fc359980c90a3723bdfcedffaf70fc587f1c144
                                                                                                                                                                                                        • Instruction ID: 42bd1aa7930b898c5f9996a7f64a4c8e6135f0572ddba32c47431beea45adf76
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39f4fb155c2929f564d4ecb20fc359980c90a3723bdfcedffaf70fc587f1c144
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3214FA3B18B4291EF40DB25E580ABD6360FB99B84F948131EB4E837B6EE38D551C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_Module_State$Dict_ErrorFormatItemOccurredUnicode_With
                                                                                                                                                                                                        • String ID: Unsupported digestmod %R
                                                                                                                                                                                                        • API String ID: 894184546-2483404930
                                                                                                                                                                                                        • Opcode ID: c3bdf881144e16697e633a63bebca94df402c8bf7734f8249c7e13abaeb92806
                                                                                                                                                                                                        • Instruction ID: 83276c06c5190ff5f9be9fcb62f4ad6a990c82562c7ff3eb63683b0bcb86a2ad
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3bdf881144e16697e633a63bebca94df402c8bf7734f8249c7e13abaeb92806
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8011BD8B09E42C1EA248B66F54437A62A2FF49FE0F08E039E94E47B70DE2CA545C200
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyModule_AddStringConstant.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1D2A
                                                                                                                                                                                                        • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1D3A
                                                                                                                                                                                                        • PyDict_SetItemString.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1D51
                                                                                                                                                                                                        • PyUnicode_FromString.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1D62
                                                                                                                                                                                                        • PyDict_SetItem.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1D7D
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAC0F37
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAC0F46
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB1BAB1C46,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAC0F5F
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocString$Dict_FromItem$ConstantLongLong_Module_Unicode_
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3707016883-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • strrchr.VCRUNTIME140(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB153E
                                                                                                                                                                                                        • PyModule_New.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB154A
                                                                                                                                                                                                        • PyUnicode_FromString.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB155B
                                                                                                                                                                                                        • _PyImport_SetModule.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB1573
                                                                                                                                                                                                        • PyModule_AddObject.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAB159A
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAC062A
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAC0646
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB1BAB1BF5,?,?,?,00007FFB1BAB1183), ref: 00007FFB1BAC0655
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$Module_$FromImport_ModuleObjectStringUnicode_strrchr
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 261865307-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2626635221.00007FFB1AB11000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB1AB10000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _wassert$memcpy
                                                                                                                                                                                                        • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                                                                                        • API String ID: 4292997394-330188172
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627179287.00007FFB1BA61000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BA60000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _wassertmemcpymemmove
                                                                                                                                                                                                        • String ID: @$cfbState->usedKeyStream <= segment_len$src/raw_cfb.c
                                                                                                                                                                                                        • API String ID: 750734614-1361193148
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                        • String ID: a unicode character$argument$category
                                                                                                                                                                                                        • API String ID: 1318908108-2068800536
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MallocMem_Object_$DeallocErr_MemoryModuleStateTrackType_
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 702796062-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                        • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                        • API String ID: 1318908108-2110215792
                                                                                                                                                                                                        • Opcode ID: 5ca945e71462204c3220177ec9e6a27065e7f9c311bd085c84fc819a6770995f
                                                                                                                                                                                                        • Instruction ID: e7e9473f36c72f1909ec440c406f4b53f42abc8f82df1069c89b29eccc1c594b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5ca945e71462204c3220177ec9e6a27065e7f9c311bd085c84fc819a6770995f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2641D7E1F1C68249EF548B25DC51B79A361EB47790F44A03DEA5FD76A4CE2DE891C300
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyErr_Occurred.PYTHON312 ref: 00007FFB1BAC892A
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyUnicode_DecodeUTF8.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6B3
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_GetItemWithError.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6D6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyErr_Occurred.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6E4
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_SetItem.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6FD
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: _Py_Dealloc.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA735
                                                                                                                                                                                                        • Py_BuildValue.PYTHON312 ref: 00007FFB1BAC89D6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABB998: PyObject_Call.PYTHON312 ref: 00007FFB1BABB9B8
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC8A26
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC8A3E
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$Dict_Err_ItemOccurred$BuildCallDecodeErrorObject_Unicode_ValueWith
                                                                                                                                                                                                        • String ID: EntityDecl$NiNNNNN
                                                                                                                                                                                                        • API String ID: 2384994390-924104366
                                                                                                                                                                                                        • Opcode ID: 479c484b336be5931833bf550f7160972852e89a897725e9dc3a9ba0fb67bbac
                                                                                                                                                                                                        • Instruction ID: d56a186f11b25e02960f21cddda996282c4095ee30e6ee3bf69973bb9572e1f7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 479c484b336be5931833bf550f7160972852e89a897725e9dc3a9ba0fb67bbac
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C41B4B2A29B4281EA109B22E9042BA6396FB44FF0F45E635DE5D47765DF3CD0418340
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyErr_Occurred.PYTHON312 ref: 00007FFB1BAC90C0
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyUnicode_DecodeUTF8.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6B3
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_GetItemWithError.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6D6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyErr_Occurred.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6E4
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_SetItem.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6FD
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: _Py_Dealloc.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA735
                                                                                                                                                                                                        • Py_BuildValue.PYTHON312 ref: 00007FFB1BAC9140
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABB998: PyObject_Call.PYTHON312 ref: 00007FFB1BABB9B8
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC918D
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC91A6
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$Dict_Err_ItemOccurred$BuildCallDecodeErrorObject_Unicode_ValueWith
                                                                                                                                                                                                        • String ID: (NNNNN)$UnparsedEntityDecl
                                                                                                                                                                                                        • API String ID: 2384994390-4202326955
                                                                                                                                                                                                        • Opcode ID: 7a4ae0b80d43f6857f026c72359f746da0ce0e6c27a190e2ee1f848b668d8562
                                                                                                                                                                                                        • Instruction ID: 0c63b6eebd65df2a047b9b445e7a4e1c1aac20886e5d12a07e4a21fbf226d654
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a4ae0b80d43f6857f026c72359f746da0ce0e6c27a190e2ee1f848b668d8562
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 543170B1A29B0282EA559B22E91926967A6BF44FF1F09A236DE4C47775DF3CE0418340
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF7EC4FDFEA,?,?,?,00007FF7EC4FDCDC,?,?,?,00007FF7EC4FD8D9), ref: 00007FF7EC4FDDBD
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7EC4FDFEA,?,?,?,00007FF7EC4FDCDC,?,?,?,00007FF7EC4FD8D9), ref: 00007FF7EC4FDDCB
                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF7EC4FDFEA,?,?,?,00007FF7EC4FDCDC,?,?,?,00007FF7EC4FD8D9), ref: 00007FF7EC4FDDF5
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF7EC4FDFEA,?,?,?,00007FF7EC4FDCDC,?,?,?,00007FF7EC4FD8D9), ref: 00007FF7EC4FDE63
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF7EC4FDFEA,?,?,?,00007FF7EC4FDCDC,?,?,?,00007FF7EC4FD8D9), ref: 00007FF7EC4FDE6F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                        • API String ID: 2559590344-2084034818
                                                                                                                                                                                                        • Opcode ID: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                        • Instruction ID: cc9017204bedff623735b6ffc2e0c8100951f9d58a814dad63940d3a29c69e1a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C631D629B19A8285EE12FF02A8043B5A798FF59BA8FD91136DD1D07384DF3CE458C325
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$BuildDict_Err_ItemOccurredValue$DecodeErrorTuple_Unicode_With
                                                                                                                                                                                                        • String ID: ElementDecl
                                                                                                                                                                                                        • API String ID: 3369064983-3989113327
                                                                                                                                                                                                        • Opcode ID: 3ca2873d02efdbc4acf6b44234b1ea3302926a992645871bf41f295c6c4feff5
                                                                                                                                                                                                        • Instruction ID: 8d67b55a42204d0948d3248dc42ccc535fd75c88714565b07bfb322d429f2fbf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ca2873d02efdbc4acf6b44234b1ea3302926a992645871bf41f295c6c4feff5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E3139B1A29F0281FA149F31E9083B863A2BF45BB5F18A634DA5D467B5EF3CE4418300
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyErr_Occurred.PYTHON312 ref: 00007FFB1BAC8CBB
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyUnicode_DecodeUTF8.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6B3
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_GetItemWithError.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6D6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyErr_Occurred.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6E4
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_SetItem.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6FD
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: _Py_Dealloc.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA735
                                                                                                                                                                                                        • Py_BuildValue.PYTHON312 ref: 00007FFB1BAC8D26
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABB998: PyObject_Call.PYTHON312 ref: 00007FFB1BABB9B8
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC8D71
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC8D8A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$Dict_Err_ItemOccurred$BuildCallDecodeErrorObject_Unicode_ValueWith
                                                                                                                                                                                                        • String ID: (NNNN)$NotationDecl
                                                                                                                                                                                                        • API String ID: 2384994390-1686118283
                                                                                                                                                                                                        • Opcode ID: 1e48cbf61aaa4887224a99473dc098e5f5f75ab727641dc9e72758438704608d
                                                                                                                                                                                                        • Instruction ID: 5aa3d0f47d123fd6d1fa392f7a567bdc0c3d963f78c05776437c861e2a9f5345
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e48cbf61aaa4887224a99473dc098e5f5f75ab727641dc9e72758438704608d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0318FA2A18F4285EA019F22E91437967A2FB55FF4F08A635DE4D47775EF3CE0418340
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocFreeMem_Object_$Track
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2141335114-0
                                                                                                                                                                                                        • Opcode ID: f67eaa85f8158921936dd1ca02691f1c8a8d83c557ecd941eeedc8a65c4b5491
                                                                                                                                                                                                        • Instruction ID: 9814c87bdb50644bbf85081b5b3a4de6716bd647984aaa85418fcd67f59f6f0f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f67eaa85f8158921936dd1ca02691f1c8a8d83c557ecd941eeedc8a65c4b5491
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 55314CB6929F41C6EB148F30E95097977A6FB88BA4F18A635EA5E43A64DF3CD050C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyErr_Occurred.PYTHON312 ref: 00007FFB1BAC8F98
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyUnicode_DecodeUTF8.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6B3
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_GetItemWithError.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6D6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyErr_Occurred.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6E4
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_SetItem.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6FD
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: _Py_Dealloc.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA735
                                                                                                                                                                                                        • Py_BuildValue.PYTHON312 ref: 00007FFB1BAC8FF6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABB998: PyObject_Call.PYTHON312 ref: 00007FFB1BABB9B8
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC9041
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC905A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$Dict_Err_ItemOccurred$BuildCallDecodeErrorObject_Unicode_ValueWith
                                                                                                                                                                                                        • String ID: (NNNi)$StartDoctypeDecl
                                                                                                                                                                                                        • API String ID: 2384994390-3468646127
                                                                                                                                                                                                        • Opcode ID: 1fb24b4686d6bc2006511b61ed343b77be12d45f85201630a775e67e4efb3681
                                                                                                                                                                                                        • Instruction ID: 3dce8199a883affa67326f8f333e6d7cd7318f034356bf0536e1053701a6d2bf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1fb24b4686d6bc2006511b61ed343b77be12d45f85201630a775e67e4efb3681
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D3193B5A28B4282EA549F32D91436967A6FB45FE0F08E235DE4D47BB1DF3CE0428300
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyErr_Occurred.PYTHON312 ref: 00007FFB1BAC8452
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyUnicode_DecodeUTF8.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6B3
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_GetItemWithError.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6D6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyErr_Occurred.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6E4
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_SetItem.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6FD
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: _Py_Dealloc.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA735
                                                                                                                                                                                                        • Py_BuildValue.PYTHON312 ref: 00007FFB1BAC84BA
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABB998: PyObject_Call.PYTHON312 ref: 00007FFB1BABB9B8
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC8508
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC8521
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$Dict_Err_ItemOccurred$BuildCallDecodeErrorObject_Unicode_ValueWith
                                                                                                                                                                                                        • String ID: (NNO&O&i)$AttlistDecl
                                                                                                                                                                                                        • API String ID: 2384994390-3385402447
                                                                                                                                                                                                        • Opcode ID: a8a7460b5b30755cb27030b1a36fc149d4585539a5807061a78df83e3d4d94b9
                                                                                                                                                                                                        • Instruction ID: 7e12332e5c960def70e521bedd3caf255fdfbd9a56aef2c29dbb87ebbcf7526f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a8a7460b5b30755cb27030b1a36fc149d4585539a5807061a78df83e3d4d94b9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A315EB2A18B4686EA148B31E54437963A2FB44BF0F449235EA8D47B75EF7CE4418700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$Module_Py_hashtable_destroyState
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3151084188-0
                                                                                                                                                                                                        • Opcode ID: 2a5b51c5dd65ec995cca6e9dbb57e7de0e0f0a8c5aa7d857462c84f32df3a815
                                                                                                                                                                                                        • Instruction ID: 43fc8bb07a3c1a1b19eb4db6fb3507112a4c072ae1b6943ca17d236dd3b5304e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a5b51c5dd65ec995cca6e9dbb57e7de0e0f0a8c5aa7d857462c84f32df3a815
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3312CBAA1BE02D1E6794F75F49427E72A6FF44F65B28E130C60E42D64EE3D9442C310
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7EC4F351A,?,00000000,00007FF7EC4F3F23), ref: 00007FF7EC4F2AA0
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                        • API String ID: 2050909247-2900015858
                                                                                                                                                                                                        • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                        • Instruction ID: eda745bd751ed575b2992d1ad00273abd9635a16d183fc8c2f4d91d32ca8d307
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D821B276A18B8282E720EB51B8417E6A7A4FB883C8F801133FE8C83659DF3CD159C751
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 995526605-0
                                                                                                                                                                                                        • Opcode ID: 1e3bf3a8b1345e2c0c0bdd6ff4e06add0bb9355989cc78c5a669156b3459c754
                                                                                                                                                                                                        • Instruction ID: 98f84f42fe8b4ef0f807d8ea7214c10b2359f60e199e38f1c7b177ade67d149f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e3bf3a8b1345e2c0c0bdd6ff4e06add0bb9355989cc78c5a669156b3459c754
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1121C135A0CB8642EB10AB55F44433AE7A4FB867A4F901232EA6C47AE4DF7CD418C711
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623744061.00007FFB0B7C0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623763458.00007FFB0B842000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623862928.00007FFB0B86C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B871000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B877000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$ssl3_output_cert_chain
                                                                                                                                                                                                        • API String ID: 193678381-603691555
                                                                                                                                                                                                        • Opcode ID: 914e99578b8a2340feb2187fde4d968e6669396d9b48054cc406757e69d5e224
                                                                                                                                                                                                        • Instruction ID: 0920be99341c8fd6ea1bf180ef5dff1383492063aa67a0fdb421048abec5d575
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 914e99578b8a2340feb2187fde4d968e6669396d9b48054cc406757e69d5e224
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F2141A1B1C78241E690A732E941EB96650EB84BC4F849035EE4FD7BB7EE2CE5418B00
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$BuildCallErr_Object_OccurredValue
                                                                                                                                                                                                        • String ID: (O&O&i)$XmlDecl
                                                                                                                                                                                                        • API String ID: 1677464630-1850199684
                                                                                                                                                                                                        • Opcode ID: bfa116e1429d5fb83d0b110645c9fe0a630855dc5390ccff8ecfa9ca4bf8d9fd
                                                                                                                                                                                                        • Instruction ID: 49628d36e3242f807cb470b36b556cb3cc63cd6710615bdf1170f0ffd374e0b3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfa116e1429d5fb83d0b110645c9fe0a630855dc5390ccff8ecfa9ca4bf8d9fd
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6217FB1A28F4282E7159F71E5443A973A1FB49BA4F089235DA9D47B75DF3CE141C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                        • Opcode ID: 7a7efe5704aebd884d83a549bac9021180a30b6e3a5084d39c82c78793c2ea5e
                                                                                                                                                                                                        • Instruction ID: 75b99167c649b03cb59f56759bd8b694fce6ef8ade1ff19c6878394581acc2c4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a7efe5704aebd884d83a549bac9021180a30b6e3a5084d39c82c78793c2ea5e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07215C2CE0CA0341FA58736156A733DE1925F447A8FB44736D93E86AD6EE3CA400C322
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyErr_Occurred.PYTHON312 ref: 00007FFB1BABBAA7
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyUnicode_DecodeUTF8.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6B3
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_GetItemWithError.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6D6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyErr_Occurred.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6E4
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_SetItem.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6FD
                                                                                                                                                                                                        • Py_BuildValue.PYTHON312 ref: 00007FFB1BABBAE5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABB998: PyObject_Call.PYTHON312 ref: 00007FFB1BABB9B8
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BABBB34
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BABBB51
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocDict_Err_ItemOccurred$BuildCallDecodeErrorObject_Unicode_ValueWith
                                                                                                                                                                                                        • String ID: (NO&)$ProcessingInstruction
                                                                                                                                                                                                        • API String ID: 3887327737-1976967776
                                                                                                                                                                                                        • Opcode ID: c8002a03b6594b99d6ad2cf7f74be92e15ed71bb3a26f8799edd9796140a19fe
                                                                                                                                                                                                        • Instruction ID: 0a36b81a449e5c225ea1a5a176facbd983c07521b3b8e8837fe2efe632774794
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8002a03b6594b99d6ad2cf7f74be92e15ed71bb3a26f8799edd9796140a19fe
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F22141B1A28F4282EA149B32D6143786392FF45BA5F549635DA5C877B5DF3CE041C301
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyErr_Occurred.PYTHON312 ref: 00007FFB1BABC0A8
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyUnicode_DecodeUTF8.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6B3
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_GetItemWithError.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6D6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyErr_Occurred.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6E4
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_SetItem.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6FD
                                                                                                                                                                                                        • Py_BuildValue.PYTHON312 ref: 00007FFB1BABC0D8
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABB998: PyObject_Call.PYTHON312 ref: 00007FFB1BABB9B8
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BABC123
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dict_Err_ItemOccurred$BuildCallDeallocDecodeErrorObject_Unicode_ValueWith
                                                                                                                                                                                                        • String ID: (N)$EndNamespaceDecl
                                                                                                                                                                                                        • API String ID: 3568289713-1490285299
                                                                                                                                                                                                        • Opcode ID: e5919f85840e2881d5974f99a4fc792772a0936fee171e59e32c4caccd292814
                                                                                                                                                                                                        • Instruction ID: 4c0a4a84550cb7c3cdcf065dfb27320a9b6cc34d29c8bff7e3a2d98bda9a1152
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e5919f85840e2881d5974f99a4fc792772a0936fee171e59e32c4caccd292814
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 502132B5A28F4292EA145B31EB0477863A2BF45BB5F04A236DA5D56AB1EF3CE041C350
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$BuildCallErr_LongLong_Object_OccurredValue
                                                                                                                                                                                                        • String ID: NotStandalone
                                                                                                                                                                                                        • API String ID: 1294825290-2808886647
                                                                                                                                                                                                        • Opcode ID: 5c0b0d290de45eef4db0845d5f3ead920ece42fadecdfe805f9e4b0fc002c3f5
                                                                                                                                                                                                        • Instruction ID: 307b88b3fc1cfcdfe4634711d269cc60227d72103762516b0feda71bb6906b95
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5c0b0d290de45eef4db0845d5f3ead920ece42fadecdfe805f9e4b0fc002c3f5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3214171A2DF1282F6509B31E54427963A2BF54BB5F08A231DA5E476B1DF3DE442C300
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$BuildCallErr_Object_OccurredValue
                                                                                                                                                                                                        • String ID: (N)$Default
                                                                                                                                                                                                        • API String ID: 1677464630-894064132
                                                                                                                                                                                                        • Opcode ID: 960d3f263962755e404e180254e997911e7c0fe4a8b69a26f1238aa830356ce5
                                                                                                                                                                                                        • Instruction ID: a1b2f0feed6f8f0bba4b9d49d9892cb3ac3e50e3a8b34ce5bba4ff2d4beeb09b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 960d3f263962755e404e180254e997911e7c0fe4a8b69a26f1238aa830356ce5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0214FB1A28F5282FA149B31D54437963A2BF45BB4F04A635DA4D57BB5EF3CE842C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$BuildCallErr_Object_OccurredValue
                                                                                                                                                                                                        • String ID: (O&)$Comment
                                                                                                                                                                                                        • API String ID: 1677464630-4157610253
                                                                                                                                                                                                        • Opcode ID: 43b840a9b60497d2377c00ecac84431dda410d7cf0069b15ad76b43a02a36c85
                                                                                                                                                                                                        • Instruction ID: ae28fcd93c09b91b9c9b245f00ce5acc349ecc894f2bda875a374dc9f9fe66da
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43b840a9b60497d2377c00ecac84431dda410d7cf0069b15ad76b43a02a36c85
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B42141B1A28F0283EB204B31EA4437967A1FF45BE5F44A235DA5D866B5EF3DE141C300
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                                                        • Opcode ID: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                        • Instruction ID: e371fb8f516805dde407827b53bd2f41fd31d4ccf53b2eb5048a87c1c1f7d536
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38119025B18F4186E750AB56E858329A3E0FB98BF4FA00236EA5D877A4DF7CD804C751
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_Mem_$FreeMallocMemoryObject_StringTrue
                                                                                                                                                                                                        • String ID: Cannot delete attribute
                                                                                                                                                                                                        • API String ID: 3601117635-1790985853
                                                                                                                                                                                                        • Opcode ID: c79acdda9cc42a27ded29c6de22ad12789b8009a6be222b618842fd770b19e88
                                                                                                                                                                                                        • Instruction ID: 0debe76b0f49f20eee2f2e7b72df142c676985b7f6c1d964360b833cabf999ca
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c79acdda9cc42a27ded29c6de22ad12789b8009a6be222b618842fd770b19e88
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A11C3F1A29F0381FA148B35E9543382266AF55B75F24F732DA2E862B4DE3DE494C201
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _PyArg_CheckPositional.PYTHON312 ref: 00007FFB0B663607
                                                                                                                                                                                                        • _PyArg_BadArgument.PYTHON312 ref: 00007FFB0B66363A
                                                                                                                                                                                                          • Part of subcall function 00007FFB0B6611B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFB0B6611E2
                                                                                                                                                                                                          • Part of subcall function 00007FFB0B6611B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFB0B6611FA
                                                                                                                                                                                                          • Part of subcall function 00007FFB0B6611B0: PyType_IsSubtype.PYTHON312 ref: 00007FFB0B66121D
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_CompareStringUnicode_With$ArgumentCheckPositionalSubtypeType_
                                                                                                                                                                                                        • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                        • API String ID: 4101545800-1320425463
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                        • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                        • API String ID: 3876575403-184702317
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF7EC4F9216), ref: 00007FF7EC4F8592
                                                                                                                                                                                                        • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF7EC4F9216), ref: 00007FF7EC4F85E9
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7EC4F45E4,00000000,00007FF7EC4F1985), ref: 00007FF7EC4F9439
                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7EC4F9216), ref: 00007FF7EC4F8678
                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7EC4F9216), ref: 00007FF7EC4F86E4
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,00000000,00007FF7EC4F9216), ref: 00007FF7EC4F86F5
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,00000000,00007FF7EC4F9216), ref: 00007FF7EC4F870A
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3462794448-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: GetCurrentProcess.KERNEL32 ref: 00007FF7EC4F8780
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: OpenProcessToken.ADVAPI32 ref: 00007FF7EC4F8793
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: GetTokenInformation.ADVAPI32 ref: 00007FF7EC4F87B8
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: GetLastError.KERNEL32 ref: 00007FF7EC4F87C2
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: GetTokenInformation.ADVAPI32 ref: 00007FF7EC4F8802
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7EC4F881E
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC4F8760: CloseHandle.KERNEL32 ref: 00007FF7EC4F8836
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF7EC4F3C55), ref: 00007FF7EC4F916C
                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF7EC4F3C55), ref: 00007FF7EC4F9175
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                        • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                        • API String ID: 6828938-1529539262
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Mem_Py_hashtable_set$FreeMallocPy_hashtable_destroyPy_hashtable_new_full
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3987031744-0
                                                                                                                                                                                                        • Opcode ID: 6c6f2abf516a1ebd26afc03140672d26724b9ba237f76eb2b7f0fe7a7ead6468
                                                                                                                                                                                                        • Instruction ID: 953cc472e44b80ebf72d37c944816e5965e1734917e75ef055b3e519daa6ad33
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c6f2abf516a1ebd26afc03140672d26724b9ba237f76eb2b7f0fe7a7ead6468
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9214FA9A19F46D2EB218B36F84037A63A1FF45B94F04A135DA4D03A74EF3CE186C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7EC504F81,?,?,?,?,00007FF7EC50A4FA,?,?,?,?,00007FF7EC5071FF), ref: 00007FF7EC50B347
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC504F81,?,?,?,?,00007FF7EC50A4FA,?,?,?,?,00007FF7EC5071FF), ref: 00007FF7EC50B37D
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC504F81,?,?,?,?,00007FF7EC50A4FA,?,?,?,?,00007FF7EC5071FF), ref: 00007FF7EC50B3AA
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC504F81,?,?,?,?,00007FF7EC50A4FA,?,?,?,?,00007FF7EC5071FF), ref: 00007FF7EC50B3BB
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC504F81,?,?,?,?,00007FF7EC50A4FA,?,?,?,?,00007FF7EC5071FF), ref: 00007FF7EC50B3CC
                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF7EC504F81,?,?,?,?,00007FF7EC50A4FA,?,?,?,?,00007FF7EC5071FF), ref: 00007FF7EC50B3E7
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                        • Opcode ID: 6c88e88182f069636ae7df0ba171e708af9cab9deaf2d86c464056bb8d47fe11
                                                                                                                                                                                                        • Instruction ID: a3ada4905b0ba9ea204c1d145944a8ee0763e00c47649447748b40abd74cb093
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c88e88182f069636ae7df0ba171e708af9cab9deaf2d86c464056bb8d47fe11
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53113E2CA0CA4282F658772156A337DE1925F447A8FB4473AD93EC67D6EE7CA401C323
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • EVP_MD_CTX_copy.LIBCRYPTO-3(?,?,00000000,00007FFB1BB1286C), ref: 00007FFB1BB12AA5
                                                                                                                                                                                                        • PyThread_acquire_lock.PYTHON312(?,?,00000000,00007FFB1BB1286C), ref: 00007FFB1BB12AC8
                                                                                                                                                                                                        • PyThread_release_lock.PYTHON312(?,?,00000000,00007FFB1BB1286C), ref: 00007FFB1BB12AD7
                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON312(?,?,00000000,00007FFB1BB1286C), ref: 00007FFB1BB1533E
                                                                                                                                                                                                        • PyThread_acquire_lock.PYTHON312(?,?,00000000,00007FFB1BB1286C), ref: 00007FFB1BB15350
                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON312(?,?,00000000,00007FFB1BB1286C), ref: 00007FFB1BB15359
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lockX_copy
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1756194536-0
                                                                                                                                                                                                        • Opcode ID: 3e88ab67eb54e8560ce91fe01e5ed0aac46a7091d3f7cccf7069731f8527c557
                                                                                                                                                                                                        • Instruction ID: 2fd9ea8e56b9bc3b2baf931112a5ecfea64e8b7312117e1c7a601e8aa9434b76
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e88ab67eb54e8560ce91fe01e5ed0aac46a7091d3f7cccf7069731f8527c557
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D01C0E9B19E42C2EB388B72F55423A6362FB89FA4B14A431DD0E43B64DE3CD455C250
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lockX_copy
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1756194536-0
                                                                                                                                                                                                        • Opcode ID: 54603490526cbde76f72d27c06f4beee5856741c627c849bae8a7d1eb7fdba59
                                                                                                                                                                                                        • Instruction ID: d5a328578322d10850b0ffeaef28b5fe33f6f099f93222705c2f0fca678b8ccc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 54603490526cbde76f72d27c06f4beee5856741c627c849bae8a7d1eb7fdba59
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1401E5E9B05E42C2EB648B63F45422A6361FF49F90B04A430EE0E43F24CF3CD4968240
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627179287.00007FFB1BA61000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BA60000, based on PE: true
• Associated: 00000002.00000002.2627156241.00007FFB1BA60000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2627202946.00007FFB1BA63000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2627227017.00007FFB1BA64000.00000004.00000001.01000000.00000016.sdmp
• Associated: 00000002.00000002.2627252427.00007FFB1BA65000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1ba60000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _wassertmemcpymemmove
                                                                                                                                                                                                        • String ID: cfbState->usedKeyStream <= segment_len$src/raw_cfb.c
                                                                                                                                                                                                        • API String ID: 750734614-977067101
                                                                                                                                                                                                        • Opcode ID: 190ca472f54348da95aaf15e0cc56e810afdec70c59e9a35399ab383c56dfc83
                                                                                                                                                                                                        • Instruction ID: 33cf7844c3eb56a8798cc6c55a6433143d6787ccf4fe12dec64d5a077ebe4752
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 190ca472f54348da95aaf15e0cc56e810afdec70c59e9a35399ab383c56dfc83
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0551E1E2E14B9582EA058F39D4049A96762FB54FE4F04A736DE8813B55EF7CD592C300
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7EC4F1B6A), ref: 00007FF7EC4F295E
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                        • API String ID: 2050909247-2962405886
                                                                                                                                                                                                        • Opcode ID: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                        • Instruction ID: ba242685fbca0f90236925b5e95027fa6599b21470d6017fbb53bf23f83a20fb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3631266AB18A8142E720B761A8417E7A694BF887D8F801133FE8C83755EF3CD55AC211
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7EC4F918F,?,00007FF7EC4F3C55), ref: 00007FF7EC4F2BA0
                                                                                                                                                                                                        • MessageBoxW.USER32 ref: 00007FF7EC4F2C2A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentMessageProcess
                                                                                                                                                                                                        • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                        • API String ID: 1672936522-3797743490
                                                                                                                                                                                                        • Opcode ID: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                        • Instruction ID: bd96baaa1816dc03a00ef42eb23f404a58510ffe3220d3b3b485f892107db2dd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7521D166708B8182E720EB24F8457AAB7A4FB88784F801132EE8D97655DF3CD619C711
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7EC4F1B99), ref: 00007FF7EC4F2760
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                        • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                        • API String ID: 2050909247-1591803126
                                                                                                                                                                                                        • Opcode ID: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                        • Instruction ID: 53519d72d6e28f310db1d5cc158a056260479d78723bad3f8dacc8701f6efadb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F21B276A18B8182E720EB50B8417E6A7A4FB883C8F901132FE8C83659DF3CD159C751
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyErr_Occurred.PYTHON312 ref: 00007FFB1BAC8DDE
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyUnicode_DecodeUTF8.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6B3
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_GetItemWithError.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6D6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyErr_Occurred.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6E4
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABA680: PyDict_SetItem.PYTHON312(?,?,?,00007FFB1BAB593F), ref: 00007FFB1BABA6FD
                                                                                                                                                                                                        • Py_BuildValue.PYTHON312 ref: 00007FFB1BAC8E15
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BABB998: PyObject_Call.PYTHON312 ref: 00007FFB1BABB9B8
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC8E63
                                                                                                                                                                                                        • _Py_Dealloc.PYTHON312 ref: 00007FFB1BAC8E7C
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocDict_Err_ItemOccurred$BuildCallDecodeErrorObject_Unicode_ValueWith
                                                                                                                                                                                                        • String ID: SkippedEntity
                                                                                                                                                                                                        • API String ID: 3887327737-2419268895
                                                                                                                                                                                                        • Opcode ID: 63d5a00ac6326c6b3345ee8707e9bc6ec39f2ebbe30b265165ca3b00d3ff6c59
                                                                                                                                                                                                        • Instruction ID: 92af162dab44e3ef1241e3926a4629f6ad59c2413175ba4e8f4174aa77f4ef72
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63d5a00ac6326c6b3345ee8707e9bc6ec39f2ebbe30b265165ca3b00d3ff6c59
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F216AB1A29B5282EA549B35E64437D63A2BF06BB4F08E235DA4C47BB1DF3CE4418340
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_ArgumentSubtypeType_
                                                                                                                                                                                                        • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                        • API String ID: 1522575347-3913127203
                                                                                                                                                                                                        • Opcode ID: 43813d0d932ae7c374914bf6384df1a3629f4c3e0bd964f6072aa249f9af1373
                                                                                                                                                                                                        • Instruction ID: bc5ccb78dcf2595da642be0807ec402dd33ccec274a7d6531afb7122643e7c8a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43813d0d932ae7c374914bf6384df1a3629f4c3e0bd964f6072aa249f9af1373
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 612195A5E08A8289EB189B31EC51979A7A1AF57BC4F44D039E60FC7770DF2CD4948740
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                        • String ID: not a numeric character
                                                                                                                                                                                                        • API String ID: 1034370217-2058156748
                                                                                                                                                                                                        • Opcode ID: c4f3043636e101a3a83274b1f0d06bc8cf9bfb138ae39ee1603926f77e7512ac
                                                                                                                                                                                                        • Instruction ID: 2450bac753f462614bb97afd51fed0f5d8f666d2f7c64ec5724c3d48890898d9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4f3043636e101a3a83274b1f0d06bc8cf9bfb138ae39ee1603926f77e7512ac
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1C2193A1E09946C9EB518B35EC14938E7A0AF56B84F04C139E90FC7774EF2CE8418740
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$BuildCallErr_Object_OccurredValue
                                                                                                                                                                                                        • String ID: EndDoctypeDecl
                                                                                                                                                                                                        • API String ID: 1677464630-3017262571
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$BuildCallErr_Object_OccurredValue
                                                                                                                                                                                                        • String ID: EndCdataSection
                                                                                                                                                                                                        • API String ID: 1677464630-4040879477
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$BuildCallErr_Object_OccurredValue
                                                                                                                                                                                                        • String ID: StartCdataSection
                                                                                                                                                                                                        • API String ID: 1677464630-113579994
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                        • String ID: not a decimal
                                                                                                                                                                                                        • API String ID: 3750391552-3590249192
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                        • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                        • API String ID: 3876575403-2385192657
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                        • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                        • API String ID: 3876575403-2474051849
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                        • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                        • API String ID: 3876575403-4190364640
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Time$CurrentFileProcessSystemrand_s
                                                                                                                                                                                                        • String ID: fallback(4)$rand_s
                                                                                                                                                                                                        • API String ID: 2124637630-25474216
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                        • String ID: a unicode character$argument$combining
                                                                                                                                                                                                        • API String ID: 3979797681-4202047184
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                        • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                        • API String ID: 3979797681-4001128513
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                        • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                        • API String ID: 3673501854-3989975041
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_$Err_ExceptionObjectState
                                                                                                                                                                                                        • String ID: UnsupportedDigestmodError$_hashlib.UnsupportedDigestmodError
                                                                                                                                                                                                        • API String ID: 2341384915-1819944972
                                                                                                                                                                                                        • Opcode ID: b8198b999cc8cfc71226c5b5026643031f4ccfcd3825405c230f36fb0852079d
                                                                                                                                                                                                        • Instruction ID: 843997dc809d48ccb226fb5559857a8527af969e4159189f47f02286f153e681
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8198b999cc8cfc71226c5b5026643031f4ccfcd3825405c230f36fb0852079d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13F04FE9719E42C1EA218B36F44023B23A2FF09BB0B14E135ED1D07BB4EE2CD0858700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                        • Opcode ID: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                        • Instruction ID: f0b2ff6d81ca3180e796c289c7dc654c6aa45e13dc9a9c43cb0892f0c7f33b88
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3BF0AF69B18B0681FB14AB24A8493399370AF49775FA40236CA6E861E8DF3CE144C321
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623744061.00007FFB0B7C0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623763458.00007FFB0B842000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623862928.00007FFB0B86C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B871000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B877000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                        • API String ID: 1552677711-2204979087
                                                                                                                                                                                                        • Opcode ID: b2d1405cb58b5c5623c5942482346337c1b790aa5a6a1e377cca11eeeae03d46
                                                                                                                                                                                                        • Instruction ID: dad4199f65a4fcf4678fafd66c978cf5b2f8ac4d999d3104b29076aac0a69e31
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2d1405cb58b5c5623c5942482346337c1b790aa5a6a1e377cca11eeeae03d46
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2FE0EC96F2834292E380B770D856DE92210EB50740FD0C075E00ED2AB2DE2CA5459B50
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627179287.00007FFB1BA61000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFB1BA60000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627156241.00007FFB1BA60000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627202946.00007FFB1BA63000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627227017.00007FFB1BA64000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627252427.00007FFB1BA65000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1ba60000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: calloc$free$memcpy
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3937003943-0
                                                                                                                                                                                                        • Opcode ID: 9bc8d67156ad3f452768cdaea32a448c3d61317b4a210aaa2a65c8f186b35c59
                                                                                                                                                                                                        • Instruction ID: e534a28e60a3402fbfe2a23a5566fbe8ec4ce03073c151e2bb231034316abbb8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9bc8d67156ad3f452768cdaea32a448c3d61317b4a210aaa2a65c8f186b35c59
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5314CF1A19F4282EB148B26E44436872A2FF54FA0F15B639DE4D077A9DF3DE8958340
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_DeallocErr_IndexKeywordsLong_Number_OccurredSsize_tUnpack
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2202598743-0
                                                                                                                                                                                                        • Opcode ID: 8228bfbc9c73d17724c4f635dccdf614359aa221be749b182f3814ab60b5a956
                                                                                                                                                                                                        • Instruction ID: 17267d15e7c09f903955d173e19543ed672d67a045cb3788c12e9b6ee7227ff3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8228bfbc9c73d17724c4f635dccdf614359aa221be749b182f3814ab60b5a956
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4212AB9A09E46C2EA708F25F40437A6292FF49BF0F589234D96D06BE4EF2CE4018640
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Arg_DeallocErr_IndexKeywordsLong_Number_OccurredSsize_tUnpack
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2202598743-0
                                                                                                                                                                                                        • Opcode ID: ef63b0d9bfe8ae0ed1bf16637239abc87db869bb85c69a6beac622a2802b68fe
                                                                                                                                                                                                        • Instruction ID: 2e6bc24e6592d657ed607c432af1a825fe2f201dfc828d4a476217642d3b50b2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ef63b0d9bfe8ae0ed1bf16637239abc87db869bb85c69a6beac622a2802b68fe
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 512110B9A09F42C2EA648B25F84437B6292FF45BB0F489235D96D06BE4EF3CE4118740
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1156100317-0
                                                                                                                                                                                                        • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                        • Instruction ID: 6e755bda8cf39e91545e48934587e8481ffa4bb5eab46a44605da6a6ac4a795a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0111C17AE1CE9381F7643126E45E375A0447F58370FB80636EAAE062D6CEBCA941C122
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF7EC50A613,?,?,00000000,00007FF7EC50A8AE,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50B41F
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC50A613,?,?,00000000,00007FF7EC50A8AE,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50B43E
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC50A613,?,?,00000000,00007FF7EC50A8AE,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50B466
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC50A613,?,?,00000000,00007FF7EC50A8AE,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50B477
                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7EC50A613,?,?,00000000,00007FF7EC50A8AE,?,?,?,?,?,00007FF7EC50A83A), ref: 00007FF7EC50B488
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                        • Opcode ID: 43a5c13e669b9c0dc60c9d5204f3187f9cebb30c335aac4df6ce1d0b58ad24f5
                                                                                                                                                                                                        • Instruction ID: debbac9e54cbd20b7a6f1346b77c359e681f676f853fd8361bb132506bda5327
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43a5c13e669b9c0dc60c9d5204f3187f9cebb30c335aac4df6ce1d0b58ad24f5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59116038B08A0241FA58B32156A3379E1925F447B8FF48336D83EC66D6EE3CA501C223
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                        • Opcode ID: 8aa69c65082f5ed190463b1c2d732539134b8ecb86da000f77e4666776fecf75
                                                                                                                                                                                                        • Instruction ID: b7649f0c2c904ee3c098740c9add405763e83ddd6a7099507a55c2d2c8486e91
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8aa69c65082f5ed190463b1c2d732539134b8ecb86da000f77e4666776fecf75
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4911DA2CA0960745F96C722559A337AA1915F45768FF4473AD93ECA2D2FD3CB441C223
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,00007FFB1BAC9F33), ref: 00007FFB1BACC7F6
                                                                                                                                                                                                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFB1BAC9F33), ref: 00007FFB1BACC804
                                                                                                                                                                                                        • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,00007FFB1BAC9F33), ref: 00007FFB1BACC820
                                                                                                                                                                                                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFB1BAC9F33), ref: 00007FFB1BACC828
                                                                                                                                                                                                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFB1BAC9F33), ref: 00007FFB1BACC841
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _errno$getenvstrtoul
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1872403029-0
                                                                                                                                                                                                        • Opcode ID: 609ccfae72c349f1daabd3f647d503e65106fc66edf4cac1d90b806802824f4a
                                                                                                                                                                                                        • Instruction ID: 6680c4ac5f7eb8d90e4766c8e37c503dc2ed95fed8d3c0a423d3dbe47689da8c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 609ccfae72c349f1daabd3f647d503e65106fc66edf4cac1d90b806802824f4a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EDF01DB2E29B0296EB114F74E85533922A3AF45B31F44E130DA09863A0DF7CD884C710
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: verbose
                                                                                                                                                                                                        • API String ID: 3215553584-579935070
                                                                                                                                                                                                        • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                        • Instruction ID: c50e967c02b02b9f2c232376d6bbb4780f418c91247308b1d29666a702aaf6f6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C91B23AA08A4645F761AE24D4523BDB391AF40B98FE44137DE59873D6EF3CE405D322
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                        • API String ID: 3215553584-1196891531
                                                                                                                                                                                                        • Opcode ID: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                        • Instruction ID: f19ee1457e55be626678395bf5a41887781fede1d5fe20f48625cb580e51fc36
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2081B23AD0C24286F7A46E25810337AB7A0AB1174CFF54237DA09C7286FB3DA945D723
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(00000000,?,00007FF7EC4F352C,?,00000000,00007FF7EC4F3F23), ref: 00007FF7EC4F7F22
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateDirectory
                                                                                                                                                                                                        • String ID: %.*s$%s%c$\
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2626635221.00007FFB1AB11000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB1AB10000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _wassertmemcpy
                                                                                                                                                                                                        • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                        • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_alpn
                                                                                                                                                                                                        • API String ID: 193678381-4282401781
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: BuildDeallocTuple_Value
                                                                                                                                                                                                        • String ID: (iiO&N)
                                                                                                                                                                                                        • API String ID: 2051921541-152595445
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyErr_SetString.PYTHON312(?,?,?,?,?,00007FFB0B661EDC), ref: 00007FFB0B663B35
                                                                                                                                                                                                          • Part of subcall function 00007FFB0B661FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFB0B662008
                                                                                                                                                                                                          • Part of subcall function 00007FFB0B661FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFB0B662026
                                                                                                                                                                                                        • PyErr_Format.PYTHON312 ref: 00007FFB0B661F53
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                        • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                        • API String ID: 3882229318-4056717002
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: D_get_typeDeallocFormatFromJ_nid2lnUnicode_X_md
                                                                                                                                                                                                        • String ID: <%U %s object @ %p>
                                                                                                                                                                                                        • API String ID: 943899189-1790359138
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_construct_message
                                                                                                                                                                                                        • API String ID: 193678381-3648037868
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: D_get_typeDeallocFormatFromJ_nid2lnUnicode_X_get_md
                                                                                                                                                                                                        • String ID: <%U HMAC object @ %p>
                                                                                                                                                                                                        • API String ID: 454943875-749664232
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: D_get_typeDeallocFormatFromJ_nid2lnUnicode_X_get_md
                                                                                                                                                                                                        • String ID: hmac-%U
                                                                                                                                                                                                        • API String ID: 454943875-3757664071
                                                                                                                                                                                                        • Opcode ID: 745b6cf54aa3c0c2cbfdc517a5f219d6b3fde8ae047021fe71392af5eb1d5778
                                                                                                                                                                                                        • Instruction ID: 2752ad18027aaeaddfb06928507574b5d3b67721c613a934072834f20768d17a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 745b6cf54aa3c0c2cbfdc517a5f219d6b3fde8ae047021fe71392af5eb1d5778
                                                                                                                                                                                                        • Instruction Fuzzy Hash: BCF03AA5A15E42C1EA258F32F81427A6392FF44BF0F08A030DD4E0BBA4DE2CE4458340
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Capsule_Err_FreeMem_PointerUnraisableWrite
                                                                                                                                                                                                        • String ID: pyexpat.expat_CAPI
                                                                                                                                                                                                        • API String ID: 149048765-1904616036
                                                                                                                                                                                                        • Opcode ID: d7b6cc6bbe2713d9e77f8a165bba1ad6b68d4dcd3300363f6641f1505574cbc6
                                                                                                                                                                                                        • Instruction ID: 36809a08be26b73122d050c54d4d9a6489bbb0f1a4c47b9b68b637aa5601d7c8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7b6cc6bbe2713d9e77f8a165bba1ad6b68d4dcd3300363f6641f1505574cbc6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AFD017E0E39F0382EE299B72E80807852566F0AB71F48F230CC1E46270DE2CE098C200
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2718003287-0
                                                                                                                                                                                                        • Opcode ID: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                        • Instruction ID: 4965f6ca836d1b62f1bac9d7d1a0278949dc9ec8f4584d2fdd3561954af9e239
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77D13776B08A808AF710DF64D4412AC7771FB457DCBA08236DE5E97B89EE38E016C712
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EC50CFBB), ref: 00007FF7EC50D0EC
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EC50CFBB), ref: 00007FF7EC50D177
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                                                        • Opcode ID: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                        • Instruction ID: f0c3f7dbf5eb1a46412b89a1ae13b31cb2613c7acd5806e76235646378e4ff0d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1C91D63AF1865285F750EF6594413FDABA0BB46B8CFA44136DE0E93685EE3CD442C722
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623310302.00007FFB0B660000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B665000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B6C2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B70E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B712000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B717000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B76F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623528885.00007FFB0B772000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623548443.00007FFB0B774000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                                                        • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                        • API String ID: 1114863663-87138338
                                                                                                                                                                                                        • Opcode ID: 2595fa2025d07ddf98b647c638fd1ed7edd11107ba76c08aad6fbc153bf9cbc4
                                                                                                                                                                                                        • Instruction ID: ed031cd1236bd39ab527160fea3221898b7ea1f207e8c8f08612a63d1528bb92
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2595fa2025d07ddf98b647c638fd1ed7edd11107ba76c08aad6fbc153bf9cbc4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD61C9B2B186424AE7648A29EC10A7AE251FB92B94F44D239FA5BC77E5DF3CD4018740
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _get_daylight$_isindst
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4170891091-0
                                                                                                                                                                                                        • Opcode ID: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                        • Instruction ID: 64fcc14e1cfa481f3f3826008b9ee0436d1f61fa2e6e6ce997f66baabf8c3561
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC510776F0851186FB18EF2499567BDA7A1BB0035CFA00237DD1E92AE5EB38E401C711
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2780335769-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$DefaultDescr_Dict_
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2801783965-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: O_find_typeO_get_data
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 280995463-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$AttrFromLongLong_Object_String
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 391580422-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_MemoryX_new
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1734961617-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2624696434.00007FFB0BD91000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFB0BD90000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2625472688.00007FFB0C3D5000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000002.00000002.2625495592.00007FFB0C3D6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000002.00000002.2625526684.00007FFB0C418000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000002.00000002.2625554672.00007FFB0C435000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0bd90000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • HMAC_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB15469
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB16288: PyThread_acquire_lock.PYTHON312(?,?,?,00007FFB1BB15482), ref: 00007FFB1BB162A8
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB16288: PyEval_SaveThread.PYTHON312(?,?,?,00007FFB1BB15482), ref: 00007FFB1BB162B2
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB16288: PyThread_acquire_lock.PYTHON312(?,?,?,00007FFB1BB15482), ref: 00007FFB1BB162C4
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB16288: PyEval_RestoreThread.PYTHON312(?,?,?,00007FFB1BB15482), ref: 00007FFB1BB162CD
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB16288: HMAC_CTX_copy.LIBCRYPTO-3(?,?,?,00007FFB1BB15482), ref: 00007FFB1BB162DA
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB16288: PyThread_release_lock.PYTHON312(?,?,?,00007FFB1BB15482), ref: 00007FFB1BB162EB
                                                                                                                                                                                                        • HMAC_CTX_free.LIBCRYPTO-3 ref: 00007FFB1BB15489
                                                                                                                                                                                                        • _PyObject_New.PYTHON312 ref: 00007FFB1BB154A6
                                                                                                                                                                                                        • HMAC_CTX_free.LIBCRYPTO-3 ref: 00007FFB1BB154B4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Eval_ThreadThread_acquire_lockX_free$Object_RestoreSaveThread_release_lockX_copyX_new
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 601750000-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: D_get_typeJ_nid2lnJ_nid2snX_md
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3802060142-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocErr_MemoryObject_X_new
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 30467670-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FreeObject_Thread_free_lockX_free
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3834077558-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
• Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocFreeObject_Thread_free_lockX_free
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 133976240-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: ?
                                                                                                                                                                                                        • API String ID: 1286766494-1684325040
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7EC5090B6
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9CE
                                                                                                                                                                                                          • Part of subcall function 00007FF7EC50A9B8: GetLastError.KERNEL32(?,?,?,00007FF7EC512D92,?,?,?,00007FF7EC512DCF,?,?,00000000,00007FF7EC513295,?,?,?,00007FF7EC5131C7), ref: 00007FF7EC50A9D8
                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7EC4FCC15), ref: 00007FF7EC5090D4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\ihNipdQaIz.exe
                                                                                                                                                                                                        • API String ID: 3580290477-9112941
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
• Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DeallocErr_String
                                                                                                                                                                                                        • String ID: Cannot delete attribute
                                                                                                                                                                                                        • API String ID: 1259552197-1790985853
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CurrentDirectory
                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                        • API String ID: 1611563598-336475711
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON312 ref: 00007FFB1BB131EB
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB11062
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON312 ref: 00007FFB1BB11072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FFB1BB1109C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FFB1BB110A5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB110B6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON312 ref: 00007FFB1BB110BF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB110D1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FFB1BB110ED
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_free.LIBCRYPTO-3 ref: 00007FFB1BB11135
                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FFB1BB1323B
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                        • String ID: sha3_512
                                                                                                                                                                                                        • API String ID: 668498394-1707686796
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON312 ref: 00007FFB1BB1310B
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB11062
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON312 ref: 00007FFB1BB11072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FFB1BB1109C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FFB1BB110A5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB110B6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON312 ref: 00007FFB1BB110BF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB110D1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FFB1BB110ED
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_free.LIBCRYPTO-3 ref: 00007FFB1BB11135
                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FFB1BB1315B
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                        • String ID: sha224
                                                                                                                                                                                                        • API String ID: 668498394-4253541148
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON312 ref: 00007FFB1BB12CAB
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB11062
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON312 ref: 00007FFB1BB11072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FFB1BB1109C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FFB1BB110A5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB110B6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON312 ref: 00007FFB1BB110BF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB110D1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FFB1BB110ED
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_free.LIBCRYPTO-3 ref: 00007FFB1BB11135
                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FFB1BB12CFB
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                        • String ID: sha256
                                                                                                                                                                                                        • API String ID: 668498394-1556616439
                                                                                                                                                                                                        • Opcode ID: 73dd7e4a53bbf78556748dc21125f21b202d96c0407ec2c59bc9873af97afc2e
                                                                                                                                                                                                        • Instruction ID: 77c798954642bfd87ea8a14eaff8643a4a0506edd9b364e40fea74af34101fb4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73dd7e4a53bbf78556748dc21125f21b202d96c0407ec2c59bc9873af97afc2e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E217FFAA08F41C6EA708B22F44476A6295FB44BE4F189130DE4D47B65EFBDD5418740
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON312 ref: 00007FFB1BB133AB
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB11062
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON312 ref: 00007FFB1BB11072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FFB1BB1109C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FFB1BB110A5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB110B6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON312 ref: 00007FFB1BB110BF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB110D1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FFB1BB110ED
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_free.LIBCRYPTO-3 ref: 00007FFB1BB11135
                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FFB1BB133FB
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                        • String ID: sha3_256
                                                                                                                                                                                                        • API String ID: 668498394-59190292
                                                                                                                                                                                                        • Opcode ID: 5970a6894764866d4c1ba62aae846c404b4f4e55662d6726b91c2ef41ae8aa89
                                                                                                                                                                                                        • Instruction ID: 9384f3049a7736d2e84ce65d5acd5186ff42ced0a05843f57e11021bd9449d9b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5970a6894764866d4c1ba62aae846c404b4f4e55662d6726b91c2ef41ae8aa89
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD21B3B9A0AF51D6EA708B22F4843AA6295FB44BE4F189131DE4D43B64EF3CD9418744
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON312 ref: 00007FFB1BB132CB
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB11062
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON312 ref: 00007FFB1BB11072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FFB1BB1109C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FFB1BB110A5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB110B6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON312 ref: 00007FFB1BB110BF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB110D1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FFB1BB110ED
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_free.LIBCRYPTO-3 ref: 00007FFB1BB11135
                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FFB1BB1331B
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                        • String ID: sha3_384
                                                                                                                                                                                                        • API String ID: 668498394-1508202818
                                                                                                                                                                                                        • Opcode ID: ef15b793a7d45df44db26eeae957f7d3743db37d16c796473c175f889a8f7ed8
                                                                                                                                                                                                        • Instruction ID: fffbd631cea0bb46e2823b7eb4194723413feb4266b386bd2dde546f084e23eb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ef15b793a7d45df44db26eeae957f7d3743db37d16c796473c175f889a8f7ed8
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8521A1B9B09F51D6EA709B22F44036A6295FB48BE4F189135DE4D43B64EF3DD8418780
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON312 ref: 00007FFB1BB12E6B
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB11062
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON312 ref: 00007FFB1BB11072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FFB1BB1109C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FFB1BB110A5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB110B6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON312 ref: 00007FFB1BB110BF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB110D1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FFB1BB110ED
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_free.LIBCRYPTO-3 ref: 00007FFB1BB11135
                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FFB1BB12EBB
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                        • String ID: sha1
                                                                                                                                                                                                        • API String ID: 668498394-858918954
                                                                                                                                                                                                        • Opcode ID: ec462283f9d4fb1ab18c0930b375ecd354746caf544ed08c2e7747ddd1c65a7e
                                                                                                                                                                                                        • Instruction ID: 51139375ac40d461837b3c4a668b9adfcd53cfff2a8882767aba4ec61001309e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec462283f9d4fb1ab18c0930b375ecd354746caf544ed08c2e7747ddd1c65a7e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87218CFAA08F41C6EA71CB22F40476A6296FB48BE4F18A130DE4D43B64EF7CD8418700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON312 ref: 00007FFB1BB1356B
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB11062
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON312 ref: 00007FFB1BB11072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FFB1BB1109C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FFB1BB110A5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB110B6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON312 ref: 00007FFB1BB110BF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB110D1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FFB1BB110ED
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_free.LIBCRYPTO-3 ref: 00007FFB1BB11135
                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FFB1BB135BB
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                        • String ID: shake_256
                                                                                                                                                                                                        • API String ID: 668498394-3942869344
                                                                                                                                                                                                        • Opcode ID: aeb7a0538eae88799b9989ea1459833da3a3fdb7f8b8672089ac103b367f768a
                                                                                                                                                                                                        • Instruction ID: 7f8f500e8ada7ff8d17a7cc570dc15c7e72b7665273f08ec2f3604153d86bc1b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: aeb7a0538eae88799b9989ea1459833da3a3fdb7f8b8672089ac103b367f768a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5721AFBAA0AF41D6EA708B22F48476AA2A5FB44FE4F589130DE4D43B64EF7CD4418700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON312 ref: 00007FFB1BB12D8B
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB11062
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON312 ref: 00007FFB1BB11072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FFB1BB1109C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FFB1BB110A5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB110B6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON312 ref: 00007FFB1BB110BF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB110D1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FFB1BB110ED
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_free.LIBCRYPTO-3 ref: 00007FFB1BB11135
                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FFB1BB12DDB
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                        • String ID: md5
                                                                                                                                                                                                        • API String ID: 668498394-3899452385
                                                                                                                                                                                                        • Opcode ID: c516091b16cb0bfcb88ebd91853114d9aef40db96eda1f0265655098a6c787c2
                                                                                                                                                                                                        • Instruction ID: 5ca9be38e213e3d3b6660940275df4ec956afb5fd5ee072dccf390cb463d23af
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c516091b16cb0bfcb88ebd91853114d9aef40db96eda1f0265655098a6c787c2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A218EF9A08F52C5EE708B22F40076A6295FB48BE4F199131DE4D47B68EF3CD5458740
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON312 ref: 00007FFB1BB1348B
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB11062
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON312 ref: 00007FFB1BB11072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FFB1BB1109C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FFB1BB110A5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB110B6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON312 ref: 00007FFB1BB110BF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB110D1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FFB1BB110ED
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_free.LIBCRYPTO-3 ref: 00007FFB1BB11135
                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FFB1BB134DB
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                        • String ID: sha3_224
                                                                                                                                                                                                        • API String ID: 668498394-2731072511
                                                                                                                                                                                                        • Opcode ID: c9654b48942b6572d79a6e9032d50eed60d411e053b9b1dfe93c21fde7b80f5e
                                                                                                                                                                                                        • Instruction ID: 319255f63f5bd70ec94f75ba7a6f7111cb03ef085125b830d801d0930d6be123
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9654b48942b6572d79a6e9032d50eed60d411e053b9b1dfe93c21fde7b80f5e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D021CFBAA09F41D6EA71CB22F49436A62A5FB48BE4F189130DE4D53B24EF3CD8418700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON312 ref: 00007FFB1BB1302B
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB11062
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON312 ref: 00007FFB1BB11072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FFB1BB1109C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FFB1BB110A5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB110B6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON312 ref: 00007FFB1BB110BF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB110D1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FFB1BB110ED
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_free.LIBCRYPTO-3 ref: 00007FFB1BB11135
                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FFB1BB1307B
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                        • String ID: sha384
                                                                                                                                                                                                        • API String ID: 668498394-111829409
                                                                                                                                                                                                        • Opcode ID: 9ca527da3391825136a4489b607d6007a7a7f66ade8fdd23d02b5abb84f623ab
                                                                                                                                                                                                        • Instruction ID: 4a93d8f701b0a26774e268e1c4c4aeddb3943ee72e77931a5cbbb03bcccee2bf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9ca527da3391825136a4489b607d6007a7a7f66ade8fdd23d02b5abb84f623ab
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 712190B9A09F41D9EA708B22F84476A6299FB44BE4F099130DE4D43B64EF3DD5408700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON312 ref: 00007FFB1BB12F4B
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB11062
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON312 ref: 00007FFB1BB11072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FFB1BB1109C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FFB1BB110A5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB110B6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON312 ref: 00007FFB1BB110BF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB110D1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FFB1BB110ED
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_free.LIBCRYPTO-3 ref: 00007FFB1BB11135
                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FFB1BB12F9B
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                        • String ID: sha512
                                                                                                                                                                                                        • API String ID: 668498394-981861231
                                                                                                                                                                                                        • Opcode ID: f293458e5ed5fb1d4ee8187fad01960640b05ed45ab1c415279b6a1be4c72e6a
                                                                                                                                                                                                        • Instruction ID: ccfdbe25dd64c7ee8ba276c78c539bfb5e6afe5b83b1f9c4b03560a71598e02b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f293458e5ed5fb1d4ee8187fad01960640b05ed45ab1c415279b6a1be4c72e6a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 462183FA608F41C6EA748B22F44476A6396FB45BE4F189130DE4D47B64DF7DD5418700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • PyObject_IsTrue.PYTHON312 ref: 00007FFB1BB1364B
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB11062
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _Py_hashtable_get.PYTHON312 ref: 00007FFB1BB11072
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FFB1BB1109C
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FFB1BB110A5
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: PyModule_GetState.PYTHON312 ref: 00007FFB1BB110B6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: _PyObject_New.PYTHON312 ref: 00007FFB1BB110BF
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FFB1BB110D1
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FFB1BB110ED
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BB11000: EVP_MD_free.LIBCRYPTO-3 ref: 00007FFB1BB11135
                                                                                                                                                                                                        • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FFB1BB1369B
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627673516.00007FFB1BB11000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB1BB10000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627649811.00007FFB1BB10000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627696720.00007FFB1BB17000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627720243.00007FFB1BB1C000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627744122.00007FFB1BB1E000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bb10000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                                                                                                                                                        • String ID: shake_128
                                                                                                                                                                                                        • API String ID: 668498394-1102867705
                                                                                                                                                                                                        • Opcode ID: 331d57a877ca0b45dc7dfe8088a632a3fb9327f3124e0b7ca63df5a1b6fe6706
                                                                                                                                                                                                        • Instruction ID: 6ea04c715f3faa15adb6748a2bfb3c849823c6716a8ad8ad1cbe0739dffd70b3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 331d57a877ca0b45dc7dfe8088a632a3fb9327f3124e0b7ca63df5a1b6fe6706
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC21B3B9A0DF41D5EA708B22F48476A6296FB49BE4F089130DE4D43B64EF7DD541C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _wassert.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,00007FFB18B71E02), ref: 00007FFB18B71EF4
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2626311044.00007FFB18B71000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFB18B70000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626283956.00007FFB18B70000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626331484.00007FFB18B73000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626352460.00007FFB18B74000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2626372506.00007FFB18B75000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb18b70000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _wassert
                                                                                                                                                                                                        • String ID: (void*)in != (void*)out$src/scrypt.c
                                                                                                                                                                                                        • API String ID: 3234217646-1092544927
                                                                                                                                                                                                        • Opcode ID: b1a4e3b3e2a0e0797d6cdbaf5825b108bf68dc55db4e2b5cc03aba4bda832255
                                                                                                                                                                                                        • Instruction ID: 353f2b9b51177c14048e861d9057cde87be3660192c6973f4d97390e4d56d590
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b1a4e3b3e2a0e0797d6cdbaf5825b108bf68dc55db4e2b5cc03aba4bda832255
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9711C2A6B04F9182DB248B06FC402AAA662FB94FD0F484035EE5D0BB94DE3DC546C308
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                        • API String ID: 2573137834-1018135373
                                                                                                                                                                                                        • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                        • Instruction ID: 3091680f4e794c10bf0561491728ae1211a1b7896cbed1027eca283969677198
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A116036608B8182EB209F15F440259BBE5FB88B88F984235DF8D07755DF3CC565CB00
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623744061.00007FFB0B7C0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623763458.00007FFB0B842000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623862928.00007FFB0B86C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B871000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B877000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3946675294-3916222277
                                                                                                                                                                                                        • Opcode ID: f459d6eae67273c59825f5057afe2b67be746f4c1442368492863615d66421ec
                                                                                                                                                                                                        • Instruction ID: e6558952a0ce5cc6b224aaa36d7ecd28514faef36916b8fbd5753a414d9a07d5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f459d6eae67273c59825f5057afe2b67be746f4c1442368492863615d66421ec
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43014BA3A0834246FBA59B75D054B7C2681EF84B44F5C8035C60E8B7F6DABD98D69710
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CallObject_Traceback_
                                                                                                                                                                                                        • String ID: D:\a\1\s\Modules\pyexpat.c
                                                                                                                                                                                                        • API String ID: 1142842016-3460214922
                                                                                                                                                                                                        • Opcode ID: 1a600ec7d4875e39bf93d30d6745aa189c028c88c2e6d35a7aaec0f8f5e3f344
                                                                                                                                                                                                        • Instruction ID: 4518967d7a27a80575500ecf13624d701658082884f48197c8af06a221355477
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1a600ec7d4875e39bf93d30d6745aa189c028c88c2e6d35a7aaec0f8f5e3f344
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 470184F6B18B4182EA688B26E4441396292FB48FE0F58E634DD5D47B68DF3CD481C700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623181564.00007FF7EC4F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7EC4F0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623161906.00007FF7EC4F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623207716.00007FF7EC51B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC52E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623231094.00007FF7EC531000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623269295.00007FF7EC545000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff7ec4f0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                        • API String ID: 2595371189-336475711
                                                                                                                                                                                                        • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                        • Instruction ID: 8d550e449503e5139f1b3305ec37853b38ab887fc11c086c0f7c6e74d7d952e4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED01842A91C74385F725BF60946A37EA7A0EF88748FE01037D55D82691EF3CE544CB26
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623763458.00007FFB0B7C1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFB0B7C0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623744061.00007FFB0B7C0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623763458.00007FFB0B842000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623835541.00007FFB0B844000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623862928.00007FFB0B86C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B871000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B877000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623882257.00007FFB0B87F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b7c0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: O_snprintf
                                                                                                                                                                                                        • String ID: DES(56)$SHA256
                                                                                                                                                                                                        • API String ID: 3142812517-3688456565
                                                                                                                                                                                                        • Opcode ID: 330be10122b969ef588f184c2212ba202d4cac339f436a845f9b0d9464ea6a49
                                                                                                                                                                                                        • Instruction ID: bd8657e5359b4b35ae32faef5eb435dd2e1bf6a1761ed6026a796f55f71bc2bb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 330be10122b969ef588f184c2212ba202d4cac339f436a845f9b0d9464ea6a49
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB019EB3C0978580F2B48B34E4448796674FB41790F058032DF8EA3B788F3CE840A604
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623310302.00007FFB0B660000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B665000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B6C2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B70E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B712000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B717000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623347470.00007FFB0B76F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623528885.00007FFB0B772000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2623548443.00007FFB0B774000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb0b660000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                        • String ID: no such name
                                                                                                                                                                                                        • API String ID: 3678473424-4211486178
                                                                                                                                                                                                        • Opcode ID: 486a057b87cc78e3bf1f4718cf85fd2ddf776dd4b60ee12a49ea37b0645cc7c2
                                                                                                                                                                                                        • Instruction ID: c2f94db7b2488690d4773b93e0769dfcc536fcfcc8fda92fa8b0667021cd1e02
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 486a057b87cc78e3bf1f4718cf85fd2ddf776dd4b60ee12a49ea37b0645cc7c2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE0144B1A1C6469AFB619B31EC51BB5A394BF99784F448035EA4FC6770EF2CE0048B00
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_Object_StringTrue
                                                                                                                                                                                                        • String ID: Cannot delete attribute
                                                                                                                                                                                                        • API String ID: 1323943456-1790985853
                                                                                                                                                                                                        • Opcode ID: 858c565be927baa8354e3bc02c42fe573011c1cf2740cee818f287bc71e5b27f
                                                                                                                                                                                                        • Instruction ID: fb3c752d6f775d2106784ed811e431d97b65ba3f90ec496944ef0575f93f53b5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 858c565be927baa8354e3bc02c42fe573011c1cf2740cee818f287bc71e5b27f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8EF01DE5B2AF0382FB168B79D55517522A3AF94BB4B14A331C91DCA2B4EF2CD4858700
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BACC7F0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,00007FFB1BAC9F33), ref: 00007FFB1BACC7F6
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BACC7F0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFB1BAC9F33), ref: 00007FFB1BACC804
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BACC7F0: strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,00007FFB1BAC9F33), ref: 00007FFB1BACC820
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BACC7F0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFB1BAC9F33), ref: 00007FFB1BACC828
                                                                                                                                                                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFB1BAC9F3D
                                                                                                                                                                                                          • Part of subcall function 00007FFB1BACC464: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFB1BAC280E), ref: 00007FFB1BACC49A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: _errno$__acrt_iob_func__stdio_common_vfprintfgetenvstrtoul
                                                                                                                                                                                                        • String ID: EXPAT_ENTROPY_DEBUG$expat: Entropy: %s --> 0x%0*lx (%lu bytes)
                                                                                                                                                                                                        • API String ID: 1947085748-401753140
                                                                                                                                                                                                        • Opcode ID: 36afac79b032e58b1ba5b3f68df240f9925b8eef56ec6f8745108c7046c73c48
                                                                                                                                                                                                        • Instruction ID: 07b797c721d90a849079dda2bc459ada14a63d63b5be9fca1cfee0a375d5d4f0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36afac79b032e58b1ba5b3f68df240f9925b8eef56ec6f8745108c7046c73c48
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0AF0ECB5728A4181E7109B65F484278A722FB48BA4F94D239EB4C83775CE3CC549C704
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627516798.00007FFB1BAB0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627572667.00007FFB1BAD2000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627600327.00007FFB1BADB000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        • Associated: 00000002.00000002.2627625164.00007FFB1BADD000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffb1bab0000_ihNipdQaIz.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_Object_StringTrue
                                                                                                                                                                                                        • String ID: Cannot delete attribute
                                                                                                                                                                                                        • API String ID: 1323943456-1790985853
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Err_Object_StringTrue
                                                                                                                                                                                                        • String ID: Cannot delete attribute
                                                                                                                                                                                                        • API String ID: 1323943456-1790985853
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • _PyObject_GC_New.PYTHON312(?,?,00000000,00007FFB0B662533), ref: 00007FFB0B6625C6
                                                                                                                                                                                                        • PyObject_GC_Track.PYTHON312(?,?,00000000,00007FFB0B662533), ref: 00007FFB0B6625F8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2623328160.00007FFB0B661000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFB0B660000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Object_$Track
                                                                                                                                                                                                        • String ID: 3.2.0
                                                                                                                                                                                                        • API String ID: 16854473-1786766648
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000002.00000002.2627541618.00007FFB1BAB1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB1BAB0000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Dealloc$Module_Object
                                                                                                                                                                                                        • String ID: messages
                                                                                                                                                                                                        • API String ID: 2333862340-3674349206