Windows Analysis Report
GV7DzNoqCI.exe

Overview

General Information

Sample name: GV7DzNoqCI.exe
renamed because original name is a hash value
Original sample name: 621647c8bb5f6b42caa1de9898312f19f62ad80ae36cfc24a621fc2ec6454a42.exe
Analysis ID: 1577422
MD5: 6f4d9644a0db30c5961cc6716912e10c
SHA1: 8cee9bf225613f57e963368ad598260790446df0
SHA256: 621647c8bb5f6b42caa1de9898312f19f62ad80ae36cfc24a621fc2ec6454a42
Tags: 107-148-62-100, exe, user-JAMESWT_MHT

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Found pyInstaller with non standard icon
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • GV7DzNoqCI.exe (PID: 6744 cmdline: "C:\Users\user\Desktop\GV7DzNoqCI.exe" MD5: 6F4D9644A0DB30C5961CC6716912E10C)
    • conhost.exe (PID: 6772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • GV7DzNoqCI.exe (PID: 4208 cmdline: "C:\Users\user\Desktop\GV7DzNoqCI.exe" MD5: 6F4D9644A0DB30C5961CC6716912E10C)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://ssh.0523qyfw.com/winscpz, Avira URL Cloud: Label: malware
Source: https://ssh.0523qyfw.com/winscp, Avira URL Cloud: Label: malware
Source: GV7DzNoqCI.exe, ReversingLabs: Detection: 23%
Source: GV7DzNoqCI.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F77F6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7F77F6878
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F77E69E0 FindFirstFileExW,FindClose,0_2_00007FF7F77E69E0
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F7800A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7F7800A34
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 2_2_00007FF7F77F6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF7F77F6878
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: ssh.0523qyfw.com
Source: GV7DzNoqCI.exe, 00000002.00000003.2021180331.0000026AF21DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: GV7DzNoqCI.exeString found in binary or memory: http://schemas.micr
Source: GV7DzNoqCI.exe, 00000002.00000002.2036277220.0000026AF2460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: GV7DzNoqCI.exe, 00000002.00000003.2016184288.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019159262.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2011026270.0000026AF206E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014472777.0000026AF206F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2034570974.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2034950687.0000026AF207F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012983696.0000026AF206F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019465751.0000026AF207A000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010635568.0000026AF1D5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: GV7DzNoqCI.exe, 00000002.00000003.2016184288.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019159262.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2034570974.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010635568.0000026AF1D5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: GV7DzNoqCI.exe, 00000002.00000003.2016184288.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019159262.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2034570974.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010635568.0000026AF1D5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: GV7DzNoqCI.exe, 00000002.00000003.2009629221.0000026AF22FB000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009772694.0000026AF2312000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009888789.0000026AF231C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: GV7DzNoqCI.exe, 00000002.00000003.2009629221.0000026AF22FB000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009772694.0000026AF2312000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009888789.0000026AF231C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm(
Source: GV7DzNoqCI.exe, 00000002.00000003.2016184288.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019159262.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2034570974.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010635568.0000026AF1D5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: GV7DzNoqCI.exe, 00000002.00000003.2016184288.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019159262.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2034570974.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009629221.0000026AF22FB000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010635568.0000026AF1D5A000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009772694.0000026AF2312000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009888789.0000026AF231C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: GV7DzNoqCI.exe, 00000002.00000003.2011026270.0000026AF206E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014472777.0000026AF206F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009629221.0000026AF22FB000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2011263438.0000026AF2328000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012983696.0000026AF206F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019465751.0000026AF207A000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010653998.0000026AF2327000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009772694.0000026AF2312000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012250680.0000026AF234C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009888789.0000026AF231C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: GV7DzNoqCI.exe, 00000002.00000003.2011026270.0000026AF206E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014472777.0000026AF206F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012983696.0000026AF206F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019465751.0000026AF207A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/r
Source: GV7DzNoqCI.exe, 00000002.00000003.1979350394.0000026AF1CC5000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979772141.0000026AF1CCC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979302892.0000026AF1D1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: GV7DzNoqCI.exe, 00000000.00000003.1963476941.000002AA944CF000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1949970040.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1961783656.000002AA944CF000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1960700676.000002AA944CE000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1961168052.000002AA944CF000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1950537291.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1950288998.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1950393167.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1949319327.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1959078311.000002AA944CE000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1949088021.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1948747186.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1960908373.000002AA944CE000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1950130083.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000000.00000003.1964301934.000002AA944CF000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: GV7DzNoqCI.exe, 00000002.00000003.2019916733.0000026AF215E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012983696.0000026AF215E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2020162580.0000026AF2181000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2011026270.0000026AF215E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2020473574.0000026AF215E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2017649363.0000026AF215E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010689413.0000026AF2175000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2021833491.0000026AF215F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2020972045.0000026AF215E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2021180331.0000026AF2181000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2018159351.0000026AF2180000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2017209074.0000026AF2176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: GV7DzNoqCI.exe, 00000002.00000003.1981741070.0000026AF1C80000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012776852.0000026AF1C9F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012525830.0000026AF1C63000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1C01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: GV7DzNoqCI.exe, 00000002.00000003.1979558134.0000026AF1D1C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979718253.0000026AF1D1C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979772141.0000026AF1CBF000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979302892.0000026AF1D1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: GV7DzNoqCI.exe, 00000002.00000003.1979350394.0000026AF1CC5000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979302892.0000026AF1D1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: GV7DzNoqCI.exe, 00000002.00000003.2021180331.0000026AF21DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: GV7DzNoqCI.exe, 00000002.00000003.2021890283.0000026AF230C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2035756074.0000026AF230D000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012667905.0000026AF2301000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016455031.0000026AF2307000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009629221.0000026AF22FB000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2025446254.0000026AF230C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2011263438.0000026AF22FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: GV7DzNoqCI.exe, 00000002.00000003.1981490503.0000026AF2220000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016854658.0000026AF1D27000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2034474537.0000026AF1D2A000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012776852.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2021949719.0000026AF1D2A000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2025470001.0000026AF1D2A000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012525830.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016032556.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: GV7DzNoqCI.exe, 00000002.00000002.2042617709.00007FFE11BDB000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io
Source: GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/
Source: GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: GV7DzNoqCI.exe, 00000002.00000002.2038147284.00007FFDFA9D7000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
Source: GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/security/
Source: GV7DzNoqCI.exe, 00000002.00000003.2029348253.0000026AF026F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2015605704.0000026AF026E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2015074782.0000026AF01EC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2032466651.0000026AF026F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2015372104.0000026AF0221000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014649450.0000026AF01E7000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979438401.0000026AF0261000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: GV7DzNoqCI.exe, 00000002.00000002.2034700585.0000026AF1E60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: GV7DzNoqCI.exe, 00000002.00000003.1982383002.0000026AF216F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1981587019.0000026AF214F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010689413.0000026AF2175000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: GV7DzNoqCI.exe, 00000002.00000003.2029348253.0000026AF026F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2015605704.0000026AF026E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2015074782.0000026AF01EC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2032466651.0000026AF026F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1975718447.0000026AEFBFA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016626502.0000026AEFBFC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2022215324.0000026AEFBFC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1975881302.0000026AEFBFA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1977521529.0000026AF0261000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1976158890.0000026AEFBED000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2031740062.0000026AEFBFC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2015372104.0000026AF0221000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014649450.0000026AF01E7000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2013890060.0000026AEFBE7000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979438401.0000026AF0261000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014447528.0000026AEFBFB000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1976336063.0000026AEFBED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: GV7DzNoqCI.exe, 00000002.00000002.2036576535.0000026AF2730000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
Source: GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography
Source: GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/
Source: GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2038147284.00007FFDFA9D7000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues
Source: GV7DzNoqCI.exe, 00000002.00000002.2038147284.00007FFDFA9D7000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
Source: GV7DzNoqCI.exe, 00000002.00000002.2038147284.00007FFDFA9D7000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/9253
Source: GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: GV7DzNoqCI.exe, 00000002.00000002.2031823001.0000026AEFD68000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: GV7DzNoqCI.exe, 00000002.00000003.1976336063.0000026AEFBED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: GV7DzNoqCI.exe, 00000002.00000003.2029348253.0000026AF026F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2015605704.0000026AF026E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2015074782.0000026AF01EC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2032466651.0000026AF026F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1975718447.0000026AEFBFA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016626502.0000026AEFBFC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2022215324.0000026AEFBFC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1975881302.0000026AEFBFA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1977521529.0000026AF0261000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1976158890.0000026AEFBED000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2031740062.0000026AEFBFC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2015372104.0000026AF0221000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014649450.0000026AF01E7000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2013890060.0000026AEFBE7000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979438401.0000026AF0261000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014447528.0000026AEFBFB000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1976336063.0000026AEFBED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: GV7DzNoqCI.exe, 00000002.00000003.1978888230.0000026AF1C8A000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016579046.0000026AF1B9E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014883958.0000026AF1B9C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2013696200.0000026AF1B8F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1978727396.0000026AF1C8A000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1B85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: GV7DzNoqCI.exe, 00000002.00000003.2029348253.0000026AF026F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2015605704.0000026AF026E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2015074782.0000026AF01EC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2032466651.0000026AF026F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1975718447.0000026AEFBFA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016626502.0000026AEFBFC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2022215324.0000026AEFBFC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1975881302.0000026AEFBFA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1977521529.0000026AF0261000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1976158890.0000026AEFBED000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2031740062.0000026AEFBFC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2015372104.0000026AF0221000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014649450.0000026AF01E7000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2013890060.0000026AEFBE7000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979438401.0000026AF0261000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014447528.0000026AEFBFB000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1976336063.0000026AEFBED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: GV7DzNoqCI.exe, 00000002.00000002.2034700585.0000026AF1E60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: GV7DzNoqCI.exe, 00000002.00000003.2019764458.0000026AF1CA4000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1981741070.0000026AF1C80000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012776852.0000026AF1C9F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2018944863.0000026AF1CA3000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012525830.0000026AF1C63000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016239859.0000026AF1CA2000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1C01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: GV7DzNoqCI.exeBinary or memory string: OriginalFilename vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2042527044.00007FFE10312000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2030989649.0000026AEFAE0000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2043089057.00007FFE126D2000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2039899855.00007FFDFB29A000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2041893799.00007FFDFBAC2000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2042793438.00007FFE11EAE000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2043847527.00007FFE1A456000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2044225930.00007FFE1A519000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2043650354.00007FFE148E6000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2042395990.00007FFE0E185000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2043436108.00007FFE1322D000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2042947103.00007FFE11EE9000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamelibsslH vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2038844403.00007FFDFACD5000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs GV7DzNoqCI.exe
Source: GV7DzNoqCI.exe, 00000002.00000002.2041697524.00007FFDFB9AE000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamepython311.dll. vs GV7DzNoqCI.exe
Source: classification engineClassification label: mal60.winEXE@4/70@1/0
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeCode function: 0_2_00007FF7F77E6670 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF7F77E6670
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\MyUniqueProgramMutexName12345
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6772:120:WilError_03
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442
Source: GV7DzNoqCI.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: GV7DzNoqCI.exeReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile read: C:\Users\user\Desktop\GV7DzNoqCI.exe
Source: unknownProcess created: C:\Users\user\Desktop\GV7DzNoqCI.exe "C:\Users\user\Desktop\GV7DzNoqCI.exe"
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeProcess created: C:\Users\user\Desktop\GV7DzNoqCI.exe "C:\Users\user\Desktop\GV7DzNoqCI.exe"
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeProcess created: C:\Users\user\Desktop\GV7DzNoqCI.exe "C:\Users\user\Desktop\GV7DzNoqCI.exe"
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeSection loaded: libffi-8.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeSection loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeSection loaded: libssl-3.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeSection loaded: kernel.appcore.dll
Source: GV7DzNoqCI.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: GV7DzNoqCI.exeStatic file information: File size 13108334 > 1048576
Source: GV7DzNoqCI.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: GV7DzNoqCI.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: GV7DzNoqCI.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: GV7DzNoqCI.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: GV7DzNoqCI.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: GV7DzNoqCI.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: GV7DzNoqCI.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: GV7DzNoqCI.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1955111752.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1955403642.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: cryptography_rust.pdbc source: GV7DzNoqCI.exe, 00000002.00000002.2038147284.00007FFDFA9D7000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1951195114.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: GV7DzNoqCI.exe, 00000002.00000002.2041829186.00007FFDFBA85000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1952428126.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1950894894.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1953844030.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1954826910.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1955500921.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: GV7DzNoqCI.exe, 00000002.00000002.2039592489.00007FFDFB159000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: GV7DzNoqCI.exe, 00000000.00000003.1948535303.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2044167312.00007FFE1A513000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1951465730.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: GV7DzNoqCI.exe, 00000002.00000002.2038147284.00007FFDFA9D7000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1954021248.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1953668587.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1954621873.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: GV7DzNoqCI.exe, 00000002.00000002.2043319130.00007FFE13220000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1949970040.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2042746696.00007FFE11EA7000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1950987272.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1953198706.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1950705819.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1951090474.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1954368173.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1950130083.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2042319358.00007FFE0E17C000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1948747186.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2042469467.00007FFE1030D000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1953382902.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: GV7DzNoqCI.exe, 00000002.00000002.2041829186.00007FFDFBA85000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1950393167.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2043034119.00007FFE126C8000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: cryptography_rust.pdb source: GV7DzNoqCI.exe, 00000002.00000002.2038147284.00007FFDFA9D7000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1955693644.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1951375903.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1964301934.000002AA944CF000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2038611474.00007FFDFACD0000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: GV7DzNoqCI.exe, 00000002.00000002.2039592489.00007FFDFB1F1000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: GV7DzNoqCI.exe, 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: ossl_ec_GFp_simple_group_set_curvecrypto\ec\ecp_smpl.cossl_ec_GFp_simple_group_check_discriminantossl_ec_GFp_simple_point_set_affine_coordinatesossl_ec_GFp_simple_point_get_affine_coordinatesossl_ec_GFp_simple_make_affineossl_ec_GFp_simple_points_make_affineossl_ec_GFp_simple_field_invossl_ec_GFp_simple_blind_coordinatescrypto\buffer\buffer.cBUF_MEM_growBUF_MEM_grow_cleancompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap` source: GV7DzNoqCI.exe, 00000002.00000002.2038147284.00007FFDFA9D7000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1953756373.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1953080013.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1950796957.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1954126647.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1948535303.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2044167312.00007FFE1A513000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1952333033.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1955211916.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: GV7DzNoqCI.exe, 00000002.00000002.2039592489.00007FFDFB1F1000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1953291482.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: GV7DzNoqCI.exe, 00000002.00000002.2040243470.00007FFDFB770000.00000002.00000001.01000000.00000005.sdmp, python311.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1963476941.000002AA944CF000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2043754903.00007FFE1A453000.00000002.00000001.01000000.0000000B.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1952558311.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: k1k2k3X9_62_PENTANOMIALp.otherp.onBasisp.tpBasisp.ppBasismX9_62_CHARACTERISTIC_TWOp.primep.char_twofieldTypeX9_62_FIELDIDX9_62_CURVEfieldIDcurvebaseECPARAMETERSvalue.named_curvevalue.parametersvalue.implicitlyCAECPKPARAMETERSprivateKeyparameterspublicKeyEC_PRIVATEKEYec_asn1_group2fieldidcrypto\ec\ec_asn1.cec_asn1_group2curveEC_GROUP_get_ecparametersEC_GROUP_get_ecpkparametersEC_GROUP_new_from_ecparametersEC_GROUP_new_from_ecpkparametersi2d_ECPKParametersd2i_ECPrivateKeyi2d_ECPrivateKeyi2d_ECParametersd2i_ECParameterso2i_ECPublicKeyi2o_ECPublicKeycompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.3.2built on: Tue Sep 3 19:22:24 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: GV7DzNoqCI.exe, 00000002.00000002.2038147284.00007FFDFA9D7000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1955783941.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1953484843.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1953928370.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1953579526.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1951289463.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: GV7DzNoqCI.exe, 00000000.00000003.1950130083.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2042319358.00007FFE0E17C000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1955311642.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: GV7DzNoqCI.exe, 00000000.00000003.1955783941.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1952241421.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1950288998.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2043598768.00007FFE148E3000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1952133780.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1961168052.000002AA944CF000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2030989649.0000026AEFAE0000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: GV7DzNoqCI.exe, 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1955007984.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: GV7DzNoqCI.exe, 00000000.00000003.1955595867.000002AA944CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: GV7DzNoqCI.exe, 00000002.00000002.2042871597.00007FFE11ECD000.00000002.00000001.01000000.0000000C.sdmp
Source: GV7DzNoqCI.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: GV7DzNoqCI.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: GV7DzNoqCI.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: GV7DzNoqCI.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: GV7DzNoqCI.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-crt-utility-l1-1-0.dll.0.drStatic PE information: 0xEBA28C46 [Sun Apr 10 18:28:22 2095 UTC]
Source: GV7DzNoqCI.exeStatic PE information: section name: _RDATA
Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
Source: python311.dll.0.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeCode function: 2_2_00007FFDFAD04021 push rcx; ret 2_2_00007FFDFAD04022

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\GV7DzNoqCI.exeProcess created: "C:\Users\user\Desktop\GV7DzNoqCI.exe"
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\zstandard\backend_c.cp311-win_amd64.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\_hashlib.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\libcrypto-3.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\ucrtbase.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\_cffi_backend.cp311-win_amd64.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\unicodedata.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\select.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\_bz2.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\_decimal.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\_ctypes.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\libssl-3.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\libffi-8.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\_socket.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\_ssl.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer\md.cp311-win_amd64.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\zstandard\_cffi.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\python311.dllJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeCode function: 0_2_00007FF7F77E2F20 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7F77E2F20
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\zstandard\backend_c.cp311-win_amd64.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\_hashlib.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\_cffi_backend.cp311-win_amd64.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\unicodedata.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\select.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\_bz2.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\_ctypes.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\_decimal.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\_socket.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\_ssl.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer\md.cp311-win_amd64.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\_lzma.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\zstandard\_cffi.cp311-win_amd64.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\_queue.pyd
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\python311.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\python3.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe API coverage: 2.0 %
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F77F6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7F77F6878
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F77E69E0 FindFirstFileExW,FindClose,0_2_00007FF7F77E69E0
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F7800A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7F7800A34
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 2_2_00007FF7F77F6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF7F77F6878
Source: GV7DzNoqCI.exe, 00000000.00000003.1966521303.000002AA944CF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: GV7DzNoqCI.exe, 00000002.00000003.2015685786.0000026AF1C1D000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2033052394.0000026AF1C38000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2018134820.0000026AF1C37000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014262266.0000026AF1C01000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2017966898.0000026AF1C25000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2020564069.0000026AF1C38000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1C01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F77F9C44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7F77F9C44
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F7802620 GetProcessHeap,0_2_00007FF7F7802620
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F77EABD4 SetUnhandledExceptionFilter,0_2_00007FF7F77EABD4
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F77EAA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7F77EAA2C
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F77EA180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7F77EA180
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 2_2_00007FFDFABC3058 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDFABC3058
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 2_2_00007FFDFABC2A90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDFABC2A90
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Process created: C:\Users\user\Desktop\GV7DzNoqCI.exe "C:\Users\user\Desktop\GV7DzNoqCI.exe"
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F7808A30 cpuid 0_2_00007FF7F7808A30
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\zstandard VolumeInformation
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\cryptography-43.0.1.dist-info VolumeInformation
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\ucrtbase.dll VolumeInformation
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformation
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Queries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformation
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\zstandard VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\zstandard VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\zstandard VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer\md.cp311-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer\md__mypyc.cp311-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\certifi\cacert.pem VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\cryptography\hazmat\bindings\_rust.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI67442\_cffi_backend.cp311-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exeQueries volume information: C:\Users\user\Desktop\GV7DzNoqCI.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F77EA910 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7F77EA910
Source: C:\Users\user\Desktop\GV7DzNoqCI.exe Code function: 0_2_00007FF7F7804EA0 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7F7804EA0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 22 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| GV7DzNoqCI.exe | 24% | ReversingLabs | Win64.Trojan.Generic | |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI67442\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\_cffi_backend.cp311-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\_ctypes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-heap-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-locale-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-math-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-process-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-runtime-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-stdio-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-string-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-time-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\api-ms-win-crt-utility-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer\md.cp311-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\charset_normalizer\md__mypyc.cp311-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\libcrypto-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\libffi-8.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\libssl-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\python3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\python311.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\ucrtbase.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\unicodedata.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\zstandard\_cffi.cp311-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI67442\zstandard\backend_c.cp311-win_amd64.pyd | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://wwww.certigna.fr/autori | 0% | Avira URL Cloud | safe | |
| https://ssh.0523qyfw.com/winscpz | 100% | Avira URL Cloud | malware | |
| http://ocsp.accv.esr | 0% | Avira URL Cloud | safe | |
| https://ssh.0523qyfw.com/winscp | 100% | Avira URL Cloud | malware | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.58.100 | true | false | | high |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high |
| ssh.0523qyfw.com | unknown | unknown | false | | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
                                                                                                high
                                                                                                https://github.com/pyca/cryptography/issuesGV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2038147284.00007FFDFA9D7000.00000002.00000001.01000000.00000017.sdmpfalse
                                                                                                  high
                                                                                                  https://readthedocs.org/projects/cryptography/badge/?version=latestGV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://foss.heptapod.net/pypy/pypy/-/issues/3539GV7DzNoqCI.exe, 00000002.00000002.2034700585.0000026AF1E60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.GV7DzNoqCI.exe, 00000002.00000003.2019764458.0000026AF1CA4000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1981741070.0000026AF1C80000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012776852.0000026AF1C9F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2018944863.0000026AF1CA3000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012525830.0000026AF1C63000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016239859.0000026AF1CA2000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1C01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://google.com/GV7DzNoqCI.exe, 00000002.00000003.2012776852.0000026AF1CBC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019238142.0000026AF1CE0000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016032556.0000026AF1CBC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1CBC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2017539173.0000026AF1CDF000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1981741070.0000026AF1CBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://mahler:8092/site-updates.pyGV7DzNoqCI.exe, 00000002.00000003.2013550333.0000026AF227C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010169384.0000026AF227C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://crl.securetrust.com/SGCA.crlGV7DzNoqCI.exe, 00000002.00000003.2012344619.0000026AF22C8000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2035684481.0000026AF22C8000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009864581.0000026AF22C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://.../back.jpegGV7DzNoqCI.exe, 00000002.00000002.2036576535.0000026AF2690000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://github.com/pyca/cryptographyGV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.python.org/download/releases/2.3/mro/.GV7DzNoqCI.exe, 00000002.00000002.2031823001.0000026AEFCE0000.00000004.00001000.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1975014391.0000026AF01F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://cryptography.io/GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://httpbin.org/postGV7DzNoqCI.exe, 00000002.00000003.2016522774.0000026AF1B86000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1B85000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://ocsp.accv.esrGV7DzNoqCI.exe, 00000002.00000003.2011026270.0000026AF206E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014472777.0000026AF206F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2034950687.0000026AF207F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012983696.0000026AF206F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019465751.0000026AF207A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://github.com/pyca/cryptography/GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://github.com/Ousret/charset_normalizerGV7DzNoqCI.exe, 00000002.00000003.1982383002.0000026AF216F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1981587019.0000026AF214F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010689413.0000026AF2175000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.firmaprofesional.com/cps0GV7DzNoqCI.exe, 00000002.00000003.2019916733.0000026AF215E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012983696.0000026AF215E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2020162580.0000026AF2181000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2011026270.0000026AF215E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2020473574.0000026AF215E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2017649363.0000026AF215E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010689413.0000026AF2175000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2021833491.0000026AF215F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2020972045.0000026AF215E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2021180331.0000026AF2181000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2018159351.0000026AF2180000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2017209074.0000026AF2176000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://github.com/urllib3/urllib3/issues/2920GV7DzNoqCI.exe, 00000002.00000003.1981741070.0000026AF1D1C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012750324.0000026AF1D39000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2034700585.0000026AF1E60000.00000004.00001000.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2013870066.0000026AF1D4E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012525830.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016184288.0000026AF1D55000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019159262.0000026AF1D55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://crl.securetrust.com/SGCA.crl0GV7DzNoqCI.exe, 00000002.00000003.2020972045.0000026AF2147000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2017649363.0000026AF2143000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019916733.0000026AF2144000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012983696.0000026AF2119000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2011026270.0000026AF2119000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2013259165.0000026AF212C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://yahoo.com/GV7DzNoqCI.exe, 00000002.00000003.2015685786.0000026AF1C1D000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019643350.0000026AF1C32000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2020727667.0000026AF212D000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2034950687.0000026AF213B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1981741070.0000026AF1D1C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014262266.0000026AF1C01000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2024689206.0000026AF212D000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2017966898.0000026AF1C25000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012983696.0000026AF2119000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1C01000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2011026270.0000026AF2119000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2013259165.0000026AF212C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://crl.securetrust.com/STCA.crl0GV7DzNoqCI.exe, 00000002.00000003.2020972045.0000026AF2147000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2017649363.0000026AF2143000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019916733.0000026AF2144000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012983696.0000026AF2119000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2011026270.0000026AF2119000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2013259165.0000026AF212C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6GV7DzNoqCI.exe, 00000002.00000003.1981741070.0000026AF1C80000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012776852.0000026AF1C9F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012525830.0000026AF1C63000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1C01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://html.spec.whatwg.org/multipage/GV7DzNoqCI.exe, 00000002.00000003.2012776852.0000026AF1CBC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019238142.0000026AF1CC5000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019591580.0000026AF1CDE000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2018670580.0000026AF1CBD000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016032556.0000026AF1CBC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1CBC000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1981741070.0000026AF1CBC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.quovadisglobal.com/cps0GV7DzNoqCI.exe, 00000002.00000003.2021890283.0000026AF230C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2035756074.0000026AF230D000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012667905.0000026AF2301000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2016455031.0000026AF2307000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009629221.0000026AF22FB000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2025446254.0000026AF230C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2011263438.0000026AF22FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlGV7DzNoqCI.exe, 00000002.00000003.2016184288.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019159262.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2034570974.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010635568.0000026AF1D5A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsGV7DzNoqCI.exe, 00000002.00000002.2036277220.0000026AF2460000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0GV7DzNoqCI.exe, 00000002.00000003.2016184288.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019159262.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2034570974.0000026AF1D5B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1D16000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010635568.0000026AF1D5A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://cryptography.io/en/latest/changelog/GV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://www.rfc-editor.org/rfc/rfc8259#section-8.1GV7DzNoqCI.exe, 00000002.00000003.2016282757.0000026AF1C90000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1980747239.0000026AF213B000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1981741070.0000026AF1C80000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1981587019.0000026AF214F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012525830.0000026AF1C63000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012925394.0000026AF1C8E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1C01000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012872201.0000026AF1C6A000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2017850961.0000026AF1C9A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://github.com/pyca/cryptography/issues/9253GV7DzNoqCI.exe, 00000002.00000002.2038147284.00007FFDFA9D7000.00000002.00000001.01000000.00000017.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.iana.org/time-zones/repository/tz-link.htmlGV7DzNoqCI.exe, 00000002.00000003.1979558134.0000026AF1D1C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979718253.0000026AF1D1C000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979772141.0000026AF1CBF000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.1979302892.0000026AF1D1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://mail.python.org/mailman/listinfo/cryptography-devGV7DzNoqCI.exe, 00000000.00000003.1966947471.000002AA944CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://requests.readthedocs.ioGV7DzNoqCI.exe, 00000002.00000002.2036576535.0000026AF26B8000.00000004.00001000.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1B85000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.cert.fnmt.es/dpcs/rGV7DzNoqCI.exe, 00000002.00000003.2011026270.0000026AF206E000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2014472777.0000026AF206F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2012983696.0000026AF206F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2019465751.0000026AF207A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://repository.swisssign.com/GV7DzNoqCI.exe, 00000002.00000003.2021180331.0000026AF21DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://ssh.0523qyfw.com/winscpzGV7DzNoqCI.exe, 00000002.00000002.2032877509.0000026AF1B96000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2013696200.0000026AF1B8F000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010287516.0000026AF1B85000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2025261614.0000026AF1B96000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                  unknown
                                                                                                                                                                  https://ssh.0523qyfw.com/winscpGV7DzNoqCI.exe, 00000002.00000002.2034597306.0000026AF1D60000.00000004.00001000.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000002.2036946727.0000026AF27DC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                  unknown
                                                                                                                                                                  http://crl.dhimyotis.com/certignarootca.crltOGV7DzNoqCI.exe, 00000002.00000003.2009629221.0000026AF22FB000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2010610649.0000026AF2355000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009772694.0000026AF2312000.00000004.00000020.00020000.00000000.sdmp, GV7DzNoqCI.exe, 00000002.00000003.2009888789.0000026AF231C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                                                        No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577422
Start date and time: 2024-12-18 13:18:57 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 3
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: GV7DzNoqCI.exe
renamed because original name is a hash value
Original Sample Name: 621647c8bb5f6b42caa1de9898312f19f62ad80ae36cfc24a621fc2ec6454a42.exe
Detection: MAL
Classification: mal60.winEXE@4/70@1/0
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Excluded IPs from analysis (whitelisted): 20.190.181.6, 40.126.53.16, 40.126.53.8, 40.126.53.12, 40.126.53.17, 40.126.53.19, 40.126.53.7, 20.190.181.0, 172.202.163.200, 52.182.143.212
• Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, ctldl.windowsupdate.com.delivery.microsoft.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, dns.msftncsi.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
• VT rate limit hit for: GV7DzNoqCI.exe
                                                                                                                                                                                                        No simulations
                                                                                                                                                                                                        No context
                                                                                                                                                                                                        No context
                                                                                                                                                                                                        No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\_MEI67442\VCRUNTIME140.dll | LmZVhGD5jF.exe | Get hash | malicious | Unknown | Browse |
 | l4.exe | Get hash | malicious | Unknown | Browse |
 | l4.exe | Get hash | malicious | Unknown | Browse |
 | client.exe | Get hash | malicious | Unknown | Browse |
 | client.exe | Get hash | malicious | Unknown | Browse |
 | rvigVjH6wf.exe | Get hash | malicious | Unknown | Browse |
 | ihNipdQaIz.exe | Get hash | malicious | Unknown | Browse |
 | Cb89Ti1Mib.exe | Get hash | malicious | Unknown | Browse |
 | Ao8sixO8Om.exe | Get hash | malicious | Unknown | Browse |
 | fWAr4zGUkY.exe | Get hash | malicious | Remcos, Amadey, Stealc | Browse |
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):119192
                                                                                                                                                                                                                            Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                            MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                            SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                            SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                            SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                            • Filename: LmZVhGD5jF.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: l4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: l4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: client.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: client.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: rvigVjH6wf.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: ihNipdQaIz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: Cb89Ti1Mib.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: Ao8sixO8Om.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: fWAr4zGUkY.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):84760
                                                                                                                                                                                                                            Entropy (8bit):6.5702075964298015
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:xqgz7lGeu595+NHRGYWlnswz108Lh3uwtIbCVW7Syqx7T:AgzxAbl3nLhJtIbCVW8T
                                                                                                                                                                                                                            MD5:37EACE4B806B32F829DE08DB3803B707
                                                                                                                                                                                                                            SHA1:8A4E2BB2D04685856D1DE95B00F3FFC6EA1E76B9
                                                                                                                                                                                                                            SHA-256:1BE51EF2B5ACBE490217AA1FF12618D24B95DF6136C6844714B9CA997B4C7F9B
                                                                                                                                                                                                                            SHA-512:1591A263DE16373EE84594943A0993721B1E1A2F56140D348A646347A8E9760930DF4F632ADCEE9C9870F9C20D7818A3A8C61B956723BF94777E0B7FB7689B2D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):178176
                                                                                                                                                                                                                            Entropy (8bit):6.165902427203749
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:87aw5iwiVHprp0+/aSdXUONX9dAXS7qkSTLkKh23/qZl:87kBVHplaSdRj4LkSTLLhW/q
                                                                                                                                                                                                                            MD5:739D352BD982ED3957D376A9237C9248
                                                                                                                                                                                                                            SHA1:961CF42F0C1BB9D29D2F1985F68250DE9D83894D
                                                                                                                                                                                                                            SHA-256:9AEE90CF7980C8FF694BB3FFE06C71F87EB6A613033F73E3174A732648D39980
                                                                                                                                                                                                                            SHA-512:585A5143519ED9B38BB53F912CEA60C87F7CE8BA159A1011CF666F390C2E3CC149E0AC601B008E039A0A78EAF876D7A3F64FFF612F5DE04C822C6E214BC2EFDE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):124696
                                                                                                                                                                                                                            Entropy (8bit):6.042889733169693
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:bZMeF788mzTWJMNufLI2qV6phIzRIbLPMV:bmeGWWNufLI2ichyZ
                                                                                                                                                                                                                            MD5:A25CDCF630C024047A47A53728DC87CD
                                                                                                                                                                                                                            SHA1:8555AE488E0226A272FD7DB9F9BDBB7853E61A21
                                                                                                                                                                                                                            SHA-256:3D43869A4507ED8ECE285AE85782D83BB16328CF636170ACB895C227EBB142AC
                                                                                                                                                                                                                            SHA-512:F6A4272DEDDC5C5C033A06E80941A16F688E28179EAB3DBC4F7A9085EA4AD6998B89FC9AC501C5BF6FEA87E0BA1D9F2EDA819AD183B6FA7B6DDF1E91366C12AF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):253720
                                                                                                                                                                                                                            Entropy (8bit):6.552393878399124
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:F4aNJPKHCXqKEyKOxVpclJeMvfrZNxKl9qWM53pLW1A+6teJCxc:O2JyHCXqKIMpgeMnr5K4lRxc
                                                                                                                                                                                                                            MD5:E4E032221ACA4033F9D730F19DC3B21A
                                                                                                                                                                                                                            SHA1:584A3B4BC26A323CE268A64AAD90C746731F9A48
                                                                                                                                                                                                                            SHA-256:23BDD07B84D2DBCB077624D6DCBFC66AB13A9EF5F9EEBE31DC0FFECE21B9E50C
                                                                                                                                                                                                                            SHA-512:4A350BA9E8481B66E7047C9E6C68E6729F8074A29EF803ED8452C04D6D61F8F70300D5788C4C3164B0C8FB63E7C9715236C0952C3166B606E1C7D7FFF36B7C4C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):65304
                                                                                                                                                                                                                            Entropy (8bit):6.254250311701017
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:0WuY1lTorKnYzF9G0pLOjWNBgFIbOIp7Sy0Vxu:tuYc9GIOjiBgFIbOIpqC
                                                                                                                                                                                                                            MD5:BA682DFCDD600A4BB43A51A0D696A64C
                                                                                                                                                                                                                            SHA1:DF85AD909E9641F8FCAA0F8F5622C88D904E9E20
                                                                                                                                                                                                                            SHA-256:2AD55E11BDDB5B65CDF6E9E126D82A3B64551F7AD9D4CBF74A1058FD7E5993BD
                                                                                                                                                                                                                            SHA-512:79C607E58881D3C3DFB83886FE7AA4CDDB5221C50499D33FE21E1EFB0FFA1FD0D3F52CBE97B16B04FBE2B067D6EB5997AC66DEC9D2A160D3CB6D44FFCA0F5636
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):159512
                                                                                                                                                                                                                            Entropy (8bit):6.8416618325941725
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:OJlBQV6AniiMeSznf09mNogMKNA/ZttIbZ1bW/9:OJlozifF8YOgbihtL
                                                                                                                                                                                                                            MD5:3273720DDF2C5B75B072A1FB13476751
                                                                                                                                                                                                                            SHA1:5FE0A4F98E471EB801A57B8C987F0FEB1781CA8B
                                                                                                                                                                                                                            SHA-256:663F1087C2ED664C5995A3FFA64546D2E33A0FCE8A9121B48CC7C056B74A2948
                                                                                                                                                                                                                            SHA-512:919DBBFCC2F5913655D77F6C4AE9BAA3A300153A5821DC9F23E0ACEB89F69CB9FB86D6CE8F367B9301E0F7B6027E6B2F0911A2E73255AB5150A74B862F8AF18E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32536
                                                                                                                                                                                                                            Entropy (8bit):6.447575038735403
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:c+yFY6rbXmxU1RIbQU+5YiSyvzZAMxkEC:c+wJbXWU1RIbQU07SyLBxu
                                                                                                                                                                                                                            MD5:284FBC1B32F0282FC968045B922A4EE2
                                                                                                                                                                                                                            SHA1:7CCEA7A48084F2C8463BA30DDAE8AF771538AE82
                                                                                                                                                                                                                            SHA-256:AC3B144D7D7C8EE39F29D8749C5A35C4314B5365198821605C883FD11807E766
                                                                                                                                                                                                                            SHA-512:BAA75F7553CF595AD78C84CBB0F2A50917C93596ECE1FF6221E64272ADC6FACDD8376E00918C6C3246451211D9DFC66442D31759BD52C26985C7F133CF011065
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):79640
                                                                                                                                                                                                                            Entropy (8bit):6.290718686906052
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:sEbflgPFXTcf3uj79/s+S+pzpp+iTFVf7JRIbLw87Sy8Ckxt:smG1U3uj79/sT+pzH+YFVTJRIbLw8eCg
                                                                                                                                                                                                                            MD5:485D998A2DE412206F04FA028FE6BA90
                                                                                                                                                                                                                            SHA1:286E29D4F91A46171BA1E3C8229E6DE94B499F1D
                                                                                                                                                                                                                            SHA-256:8F9EDE5044643413C3B072CD31A565956498CA07CDD17FB6A04483D388FDAD76
                                                                                                                                                                                                                            SHA-512:68591522E9188F06FF81CD2B3506B40B9AD508D6E34F0111819BF5EFF47ED9ADF95EBFAE5D05B685C4F53B186D15CC45E0D831D96BE926F7A5762EE2F1341F1F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):176920
                                                                                                                                                                                                                            Entropy (8bit):5.955569171525942
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:UZIQQj5DC1z/39/2uX36XjRylB9d43Olh59YL48PMrN/WgAlNiVtIbC7N7d:rj5mRPxb36Xj44TLiVn
                                                                                                                                                                                                                            MD5:E5B1A076E9828985EA8EA07D22C6ABD0
                                                                                                                                                                                                                            SHA1:2A2827938A490CD847EA4E67E945DEB4EEF8CBB1
                                                                                                                                                                                                                            SHA-256:591589DADC659D1AD4856D16CD25DC8E57EAA085BF68EB2929F8F93ABA69DB1B
                                                                                                                                                                                                                            SHA-512:0AFD20F581EFB08A7943A1984E469F1587C96252E44B3A05CA3DFB6C7B8B9D1B9FD609E03A292DE6EC63B6373AEACC822E30D550B2F2D35BF7BF8DD6FC11F54F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19864
                                                                                                                                                                                                                            Entropy (8bit):6.993481836017306
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:vWEhWQy36q0GftpBjqVsVERHRN75UVplCADZgJq:/0kisKEBq8ADZg4
                                                                                                                                                                                                                            MD5:7699C096202DA0DB6B07FAFC914D60ED
                                                                                                                                                                                                                            SHA1:6E952BE34B9457B0CC3E4AA372D941030407A0FC
                                                                                                                                                                                                                            SHA-256:0052515763A1A31D2527A2EB2523FB7B88D8E55C4E4DA5EF352B565476BF21E0
                                                                                                                                                                                                                            SHA-512:AE93507CAE8D2096C688850D369F8EF282699770B1E27621ED8EBEEDE1BB285A290F1E2E06A6E9287A05C243B907371977501F1AA4181810913763E0D5BCC2C0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19352
                                                                                                                                                                                                                            Entropy (8bit):7.001842888356878
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:4WEhWRMoq0GftpBjCtOSbERHRN7qlZwHcC:ufaiEbEBGwB
                                                                                                                                                                                                                            MD5:928BE2A3FC2E88BDA5CA0808324E97C4
                                                                                                                                                                                                                            SHA1:B1E1BF73C5DFA99AD69BDC83EC6B6F65CEF1C3E2
                                                                                                                                                                                                                            SHA-256:CC6C2FDF1C34FA82036165B111F91220BCF7E43AAB79DFB284F982F0590BEBB1
                                                                                                                                                                                                                            SHA-512:FC83A74DBD60ADA174798D7F40D839F30EF4A288805121EA8D303E39C5FC81188F9EE86131C3DF3E2B37EDFCCA2BFEB3F69AA14E93A0D5D87A6255C6E87C73A7
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19352
                                                                                                                                                                                                                            Entropy (8bit):7.007097657416164
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:EWEhWbC2Jq0GftpBjDNACiERHRN7lVTdlrltm:SoLifNiEBDl
                                                                                                                                                                                                                            MD5:4CB14835B061F42179D5251E744FD667
                                                                                                                                                                                                                            SHA1:4A1B0B32963A20C479927E4E008BFA9B4168F226
                                                                                                                                                                                                                            SHA-256:F9AAAABF78FEB39A1D8E971F5CE047D1C4A896A80409B800F1F7112CDCE420ED
                                                                                                                                                                                                                            SHA-512:20C11B2DCF8A928D04CFE6A0130716CC474D48C996025950214D6F9E97BF26B0EC6E2A68F954B0875FC05CA49811BC6E943F91B592FECD14CC8FDDD3201841E9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19376
                                                                                                                                                                                                                            Entropy (8bit):7.031341799850956
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:QvfC5WEhWHy36q0GftpBjTIPaHHCERHRN7sylTIw3R/E/M9:Qi5FkifCEBjR/mC
                                                                                                                                                                                                                            MD5:6177998C2CE574A177E524746B77EFE7
                                                                                                                                                                                                                            SHA1:21F262C4826E6EDD8534A9196AFDFAE9AC0E3D51
                                                                                                                                                                                                                            SHA-256:A0AA340274D4BB46B6D9547D647AB7DC16C229577BBAB836E6A4F3307F310332
                                                                                                                                                                                                                            SHA-512:AF8D6BBACD38B23F48F27BB472BEB81EE4EE6200AE54317D282ADA104252777B57B056FD5DE5FF0463EDE1BE8B734A8741D80C65A70B37910C13F04D85005117
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):22928
                                                                                                                                                                                                                            Entropy (8bit):6.941304537427584
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:SBPvVX7WEhWqC2Jq0GftpBjQXERHRN7qulfgOBU/Xwm:yPvVXD3LiaXEBuW2X5
                                                                                                                                                                                                                            MD5:33636552339A4A04D75B7C32DBEC59D9
                                                                                                                                                                                                                            SHA1:6457C3941D57BEBBC3A737C84377D102B6ECE18F
                                                                                                                                                                                                                            SHA-256:05B478718540A6F410A3AD859F7D5E56C223D6786EACC7E9BC80264F587FD0C7
                                                                                                                                                                                                                            SHA-512:B0F9FFED8B8861C9599E5CF0FBC5374E7CD8D170A360A3DFEB37D381DABEF941875EAF325666978071D25AA8F49D729684D8BE71D12C1B5A8928A7C00156ED03
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19344
                                                                                                                                                                                                                            Entropy (8bit):7.019387794302155
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:8ZWEhW4Moq0GftpBjbFZERHRN7rklkETkA:8ZGaiDZEBLETf
                                                                                                                                                                                                                            MD5:9D8413744097196F92327F632A85ACEE
                                                                                                                                                                                                                            SHA1:DFC07F5E5A0634DD1F15FDC9FF9731748FBFF919
                                                                                                                                                                                                                            SHA-256:6878D8168D5CC159EFE58F14E5BA10310D99B53AB8495521E54C966994DAC50B
                                                                                                                                                                                                                            SHA-512:A8F6E9EE1C5D65F68B8B20D406D3E666C186E15CB3B92575257B5637FE7DD5AC7D75E9AD51C839BA4490512F68F6B48822FC9EDD316DD7625D3627D3B975FB2A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19336
                                                                                                                                                                                                                            Entropy (8bit):7.07368062664954
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:oVxWEhWWy36q0GftpBjHAdsERHRN7wUlZwHcv:oVhukiqdsEBwUww
                                                                                                                                                                                                                            MD5:361C6BCFCEA263749419B0FBED7A0CE8
                                                                                                                                                                                                                            SHA1:03DB13108CE9D5FC01CECF3199619FFBCCBD855A
                                                                                                                                                                                                                            SHA-256:B74AEFD6FA638BE3F415165C8109121A2093597421101ABC312EE7FFA1130278
                                                                                                                                                                                                                            SHA-512:AA8B585000CC65F9841B938E4523D91D8F6DB650E0B4BB11EFD740C27309BF81CDB77F05D0BEDA2489BF26F4FBC6D02C93CE3B64946502E2C044EEA89696CC76
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19352
                                                                                                                                                                                                                            Entropy (8bit):7.021074039268697
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:fWEhWmy36q0GftpBj4PERHRN7lmlfgOBU/g:POkiuPEBtW2g
                                                                                                                                                                                                                            MD5:C2CD29370B21C0361D7F79D248C05860
                                                                                                                                                                                                                            SHA1:52EFDA4BA402C793D4C75E6CE185720AE1432249
                                                                                                                                                                                                                            SHA-256:550B4F5BA95108B01A24F05496576A4E73642334A10DDE61B09846E0EFB9F260
                                                                                                                                                                                                                            SHA-512:D2165032403277BA10BFBB7861BBE7395A8B0847A669588D3780953D07C1B0EA4461ACC49753E8D4978840307B1C50F9E814AB5B62B8E341159E02109BCBAB71
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19856
                                                                                                                                                                                                                            Entropy (8bit):6.9919788904502065
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:VlzWEhW9Moq0GftpBjEwkcERHRN7AuhlCADZgJAq:LHaiwcEB4ADZgN
                                                                                                                                                                                                                            MD5:E93F34FDCD8E5FFC34AF48C90F6F95D1
                                                                                                                                                                                                                            SHA1:1CDAFB0DFB29712D37307BC5E5EDEFAB0EEF6D78
                                                                                                                                                                                                                            SHA-256:ECA63FC5C873CE8B36C507E2B9A88CAAEA9617C84669886B15F6BC38BD0024C6
                                                                                                                                                                                                                            SHA-512:3BF430A6A20B020F60627AE68D6385F3ABB7A89B16CCCC4AED1939C28527680FCE7A426F69353041C7AC50A177A8E7C3A631078E46BC73A8BF0E2B2E83A779A8
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19368
                                                                                                                                                                                                                            Entropy (8bit):7.0296234740052705
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:GWEhW4C2Jq0GftpBjG/ERHRN7YlTIw3R/E/Mp1:cRLiKEB+R/mU1
                                                                                                                                                                                                                            MD5:28FD20B58320F0ED023D9CA19DA3A06D
                                                                                                                                                                                                                            SHA1:B7948DA624D84596055A9AE2A45AEA3A9B2D7B9B
                                                                                                                                                                                                                            SHA-256:2F2F9660F4FFA814F465676D5B9CB9BB70D0B7C5FC5EB14C34CFE94A50883B21
                                                                                                                                                                                                                            SHA-512:822E34CACC70EE151FF534F960D0820AE7D184A764B41CE23828E8E0E80DAF4888F528C9B1351A76883EEA2C6EB9674C8418F1787C1999EA06191D67D3928418
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19888
                                                                                                                                                                                                                            Entropy (8bit):7.038753075266474
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:svuBL3BXWEhWDy36q0GftpBjxCnERHRN7n81lZwHcK:fBL3B3RkiCEB8xwv
                                                                                                                                                                                                                            MD5:B45F933A57E388CFC5399645CDB696F3
                                                                                                                                                                                                                            SHA1:D85450A4169C79B249D4EF64AD475F6645DC311C
                                                                                                                                                                                                                            SHA-256:2F9C3B077DA02C587964A59E9C4E2F383FF8357229EAB4B4F04814DF94D78FF0
                                                                                                                                                                                                                            SHA-512:E0DF0637BDAA4293EF0B4C0A5B9E40E5D2EA891DBB2CE465394EFEF8A1F07DF52630069E63D5E800575BA55C78C79CE095AACE3983258B4C576CDE500EF3A3BE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):21936
                                                                                                                                                                                                                            Entropy (8bit):7.020074477976467
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:NOMw3zdp3bwjGjue9/0jCRrndbkWEhW9Moq0GftpBjciv9ERHRN7h3olfgOBU/J2:NOMwBprwjGjue9/0jCRrndbyDaiysEBY
                                                                                                                                                                                                                            MD5:B402ED77D6F31D825BDA175DBC0C4F92
                                                                                                                                                                                                                            SHA1:1F2A4B8753B3AAE225FEAC5487CC0011B73C0EB7
                                                                                                                                                                                                                            SHA-256:6ED17FB3CA5156B39FBC1EF7D1EEFA95E739857607DE4CD8D41CECFCD1350705
                                                                                                                                                                                                                            SHA-512:EC04013139F3FD9DBF22B92121D82B2EB97E136F8619790CDE2D0B660280E838962F9006D3E4C3A359627B017F2B6ADE7EDFF3BBC26E559C3DE37540585602D9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19856
                                                                                                                                                                                                                            Entropy (8bit):7.015225750103134
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:QqWEhWdfC2Jq0GftpBj42ERHRN7LXLlZwHc6k:riLi5EBDLwu
                                                                                                                                                                                                                            MD5:CA3906B115461654EED0DB5933EEF5D5
                                                                                                                                                                                                                            SHA1:0F03527A70C14413A7D114431F60D610D1805B8B
                                                                                                                                                                                                                            SHA-256:76A3AA52D49DD0D8E0451F4045F4D8BA05D2332D0DB2A39408B85CD2E43B84A3
                                                                                                                                                                                                                            SHA-512:CE6E067C528C76714C01CD2AAF052E170C2DB0F77EEC6486D15F08DF357ABE06A849B56506F89B95F1431A942B2B515F9CC626C7EC2847F4289FB613C91F6122
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19360
                                                                                                                                                                                                                            Entropy (8bit):7.074084808178223
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:XWEhWCy36q0GftpBj/2QERHRN7nlkETk0:3qkil2QEByET/
                                                                                                                                                                                                                            MD5:F24F386CFA5F097B523CCFBA5C8CDCA3
                                                                                                                                                                                                                            SHA1:FC97363843226BB69B8A1F56D8B8735A087AC103
                                                                                                                                                                                                                            SHA-256:B1B2595494072A52F1FC44586DEBF52312EAB1A245A7A16185D7B1AF37B159A6
                                                                                                                                                                                                                            SHA-512:EB6C38A7CA3B627FC52B8DE65E8564004923B4533B9C4C920666D1D4C32C762E65CC181742B39C688654C8639DF6A385F7EA1FBE50A89471B2F938F897DF4278
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20424
                                                                                                                                                                                                                            Entropy (8bit):6.985652301775137
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:TWWEhWcaCIc3q0GftpBj6Iz4ERHRN7soIslfgOBU/g:oti34EBsdW2g
                                                                                                                                                                                                                            MD5:04729245832E3BF24CB5B28F9C2E9C1C
                                                                                                                                                                                                                            SHA1:1AACEA212EA11758AB8C6C64CF7C501A3F713696
                                                                                                                                                                                                                            SHA-256:BF11319EB6BE15633E47AB8F247D1ACC9A9ECDF37181FC0DDFE9388AB82AC90A
                                                                                                                                                                                                                            SHA-512:11001746AA23C5999778D9A17892DA029DFF5E8E34265EFB40AB5704F4D5F52CC4750EFBE0D8B911E1AEB1875E4F0A4398655E1BF63143ABAD83B39643C00B5A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):21432
                                                                                                                                                                                                                            Entropy (8bit):7.014491925577937
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:OWXk1JzNcKSImWEhWqC2Jq0GftpBj1vzt6ERHRN7+OlTIw3R/E/Mb:ObcKSdjLirAEB1R/mU
                                                                                                                                                                                                                            MD5:C9DBB0DE9907BB628F5733C81F973462
                                                                                                                                                                                                                            SHA1:DD51E5840BA634F8FF0D6B57510622C16BA4706A
                                                                                                                                                                                                                            SHA-256:7646EBA0C683FC3E1B00F0B3B2B5912621B2016A6CEB7D53181CD1C3FA64785A
                                                                                                                                                                                                                            SHA-512:E9B754B6A79808EF353F3991EA98B951867308AB73CAE2A666B039922190394A73BCC849744823A77754519C3E5178213D75E5B787B18032AB9BE0A5DCB2A813
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19896
                                                                                                                                                                                                                            Entropy (8bit):7.0278343042073805
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:9DfIeAWEhWdC2Jq0GftpBjDL8ERHRN79j9lkETk8O:Gem6LiJ8EB9gETPO
                                                                                                                                                                                                                            MD5:3D872BE898581F00D0310D7AB9ABAF2B
                                                                                                                                                                                                                            SHA1:420E0AB98BB748723130DE414F0FFED117EF3F7E
                                                                                                                                                                                                                            SHA-256:4DE821884CBEF4182B29D8C33CFE13E43E130AD58EE1281679E8D40A2EDCB8EA
                                                                                                                                                                                                                            SHA-512:35CFB9888A5F4299403A0D9C57F0BA79E3625431A9ACC5E04AE2AE101B3DC521A0DCFF5D4A1BF508B25DBF05DD432F6987D860FF494D15538ED95673A8B7376B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):18840
                                                                                                                                                                                                                            Entropy (8bit):7.100702524260397
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:uVhWEhWoC2Jq0GftpBjJnERHRN75QrrhlkETkFd:q1Li3EB5UrwETgd
                                                                                                                                                                                                                            MD5:AEC5EBAC6404B541565026C3CB290E0B
                                                                                                                                                                                                                            SHA1:E541075842DE9DD7D0400CA0E55019D080697AB5
                                                                                                                                                                                                                            SHA-256:4CA44EDE30B46F1F23905CECFA27F0EDB26EE960DBA10F9BF8002D79ED77C3E5
                                                                                                                                                                                                                            SHA-512:74F4D501460C4A6F93888AE9B25D9732584C07EFD86ED9487B0D75E71E2EB03A840C37002C74967738088804192D42B9B443F5A826C8D66F1171232F6166D93E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19880
                                                                                                                                                                                                                            Entropy (8bit):6.991784429601899
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:cGeVdWEhWm4y36q0GftpBjjQJykGERHRN7zQTlfgOBU/pMw:cGeVFpHki5SZGEBzbW2pL
                                                                                                                                                                                                                            MD5:B8CEC282FB1491EB1D2BE2D969E96FE2
                                                                                                                                                                                                                            SHA1:F9011802509B3BF617E76D5B0F16A2802749A5BF
                                                                                                                                                                                                                            SHA-256:09B7F0A7F68A12602E7F4DBD5A7F1CDFB3E93FD54326884E48F36E2E200ACCE9
                                                                                                                                                                                                                            SHA-512:339B6D129B4660F2FD377BF28F6819E941BA7D36377C9B59A1B9098C3BFEF0A62D4955E9A5338F09174C6A875AC1F420EFF5C422F63AB00194E2BA206FD42ED3
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19352
                                                                                                                                                                                                                            Entropy (8bit):7.046756061074216
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:9yMvfWEhWcC2Jq0GftpBjKuERHRN7l2wlfgOBU/2:9yMvP9LikuEBgxW22
                                                                                                                                                                                                                            MD5:059BB41588D83C95CAEAC5D06CB0B59F
                                                                                                                                                                                                                            SHA1:C8B26D26AE2118D7AE25FC87399FB2CD03E7F4DA
                                                                                                                                                                                                                            SHA-256:3EDA46E395FAD6EC222AB44188D6A46A468B0FD4AFF28252938F4E6A9A3E3893
                                                                                                                                                                                                                            SHA-512:0F4C0208BBEA87EC54453D718FAE2F4708524B3B6923B947E96A8C465DD8A9DE00BE2E5C90CB2B39A24D064DBED5417E7F954981689E89EA50B2C769C0BE64E1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):21392
                                                                                                                                                                                                                            Entropy (8bit):6.96535561797727
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:Ldv3V0dfpkXc0vVaEWEhW3YDy36q0GftpBj0eERHRN7mlgHrIQ8:Ldv3VqpkXc0vVaSqBkivEBjrIl
                                                                                                                                                                                                                            MD5:56BE6B76756E6D4F81DFB8F251B63739
                                                                                                                                                                                                                            SHA1:BB1DF800B0728D965FCC754DAD08AE63D6B54C06
                                                                                                                                                                                                                            SHA-256:83C1DF33DF30DF48AB161A5A1D6C3CB4BDAEBFF330EE6E81E871AFE3990D7A65
                                                                                                                                                                                                                            SHA-512:C6B453ED68E2FEFDBA53928AAC6AC6B79D1366C427370BA6043A795C0EAF79A77BAC9E019F4413E24B8EEA9A787125C01B839C08DAD0099A79751C2BF73AC128
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19856
                                                                                                                                                                                                                            Entropy (8bit):7.060103337490769
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:xtZ3lWEhWtE8y36q0GftpBjEn9ERHRN71QUlfgOBU/ml:7t7kis9EB1QVW2A
                                                                                                                                                                                                                            MD5:1742DA4D8DF54767064BCB50B4B5C32D
                                                                                                                                                                                                                            SHA1:50F0AE8E41F0EB2573F41B308882610C6897C574
                                                                                                                                                                                                                            SHA-256:E000C6685719C2B07355C1EDDBFDAE7C6794AA6C0AC883D34AF33DFC8BF40779
                                                                                                                                                                                                                            SHA-512:99823EA5553CEDE3A0C8C19A3BDD18E31E2BA92BF7EE4808257B660F621DE66EB596CFCB7BE5C13EBE8DDD3759809F258C4ECDD72D8D39D9C2D10B9624CB3D95
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20376
                                                                                                                                                                                                                            Entropy (8bit):6.987462274389362
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:vB2WEhW3y36q0GftpBjPjERHRN7ogDlCADZgJz:vBslkidjEBoRADZg1
                                                                                                                                                                                                                            MD5:79B6580C25F8C572376CBF39BB41BE05
                                                                                                                                                                                                                            SHA1:40DBA231AD9CFD891BCE54C44DC9F73E54C8532B
                                                                                                                                                                                                                            SHA-256:F5BF492FE568EB57D2E7111B1C3927F1EE897B5A1109BC68EBE011A2DFDEF2FE
                                                                                                                                                                                                                            SHA-512:E5A64E4F7AFC8693634F5D92AA5EF6F4C241CA2F246A641B728D54C1E82E856793DBEC40F4FD9A2653E962C0B6A4F179221594B3084116A7995AF5E3E769DDFA
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19360
                                                                                                                                                                                                                            Entropy (8bit):7.0871177471347195
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:MWEhWhy36q0GftpBj+YERHRN7nwlCADZgJc:KLkiHEBnJADZgy
                                                                                                                                                                                                                            MD5:6C180C8DE3ECF27DE7A5812FF055737E
                                                                                                                                                                                                                            SHA1:3AAD20B71BB374BB2C5F7431A1B75B60956A01FD
                                                                                                                                                                                                                            SHA-256:630466FD77AC7009C947A8370A0D0C20652169824C54DDCB8C05E8DF45E23197
                                                                                                                                                                                                                            SHA-512:E4AA79EB2B6B3BE9B545E8CB8B43CD6052036DC5CCE7077BE40441B9942931B30D76C475D550A178D4E94C9C366CABC852F500E482B7FDCD361FC2A08E41C00E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19336
                                                                                                                                                                                                                            Entropy (8bit):7.00947187660432
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:/PWEhWvaNy3WUuDBks/nGfe4pBjSHdWm78RFAII1RHnhWgN7acWcrD+Rqnajjvun:nWEhWIy36q0GftpBjtERHRN77elZwHc+
                                                                                                                                                                                                                            MD5:0C33A3762C1E583342D80E9B6483F74B
                                                                                                                                                                                                                            SHA1:0EF41C8C68BE764D6C2F23E04279D6F12F32603C
                                                                                                                                                                                                                            SHA-256:187D47EBCC1E96ABE635F23C92D2C63FC8CD741FCB03FE2DD5FC3054CB3D6D92
                                                                                                                                                                                                                            SHA-512:93C907AE0C864A4FBA5EEF82AA2473FCBB5F376906A6918896294A4259F5B062A6FE4D9E455FC43741004ED928D8C6BB4D4BC10479BC9A4AC81A711542EC229F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20368
                                                                                                                                                                                                                            Entropy (8bit):7.0048171461365465
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:LN+WEhW0C2Jq0GftpBjNgfERHRN79lCADZgJJ:mpLiUfEBiADZgn
                                                                                                                                                                                                                            MD5:84A950E3C162D67F98516BB1744139E0
                                                                                                                                                                                                                            SHA1:05FF2FE60C5748C33BA8605AAF609B3BDFE2772F
                                                                                                                                                                                                                            SHA-256:91F4DB05C69C58ECB2493E30ACC5297043C41B1CE6DB50CEE4E2922CD4BCD7F2
                                                                                                                                                                                                                            SHA-512:7328C6A512D450F2538EFEABF3F467489A898ED7C1D45C1952B98D118D898083510C9849182BC425411A408C113A351A28B41BEDEB5B8DE61427144B3FA87C80
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):23448
                                                                                                                                                                                                                            Entropy (8bit):6.8592303562068695
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:WDyuWEhWYy36q0GftpBjBt6ERHRN7Kr3lgHrIQDm:yokiTt6EB0ArIz
                                                                                                                                                                                                                            MD5:D749AFFFA2B3BE4B2A9EDAC50C20B28B
                                                                                                                                                                                                                            SHA1:972253ED12C344B85290F7B3D5F9608A7F7B0670
                                                                                                                                                                                                                            SHA-256:E64FBAC3491B4693E79A3F7B0DB1D788F93608D3FC82133EDF25A868C80D2153
                                                                                                                                                                                                                            SHA-512:4447B6960A6C178F7C37DBD38E9AEC24BA5A0C58E19AFCFAA2B70DCA7D7BBE87AD7AA1AC9D48AB9B56B1F375768D4C4CB28D5AFCF714102F9757FAA2B3E728D9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19872
                                                                                                                                                                                                                            Entropy (8bit):6.992251797681991
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:BWEhWxy36q0GftpBjUERHRN7QklgHrIQQ:RHki+EBQRrIN
                                                                                                                                                                                                                            MD5:7A2874FE036F7DC86ED5F712ADAA38E6
                                                                                                                                                                                                                            SHA1:440F2DC5379CEEE35D29571C195DC7A76E8B70E7
                                                                                                                                                                                                                            SHA-256:DD054E4DE84144C2130FA8D28D563252A7C4089A58872E49D63BC43C9A1A3CB8
                                                                                                                                                                                                                            SHA-512:D20811025F714B5FD3754D607422F4FB5CD6C456FFCEEF139EDCB0CFAACD9B63A694CE2EA737DB78385F0B23DDCFC283282A319B79E7A0E4BD50034E87AACB9A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):21408
                                                                                                                                                                                                                            Entropy (8bit):7.005777635258922
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:r81nWm5CcWEhWMLy36q0GftpBjhERHRN7qEOlZwHcs:rOnWm5C6rmki/EBIwv
                                                                                                                                                                                                                            MD5:73E14D927D075CA273B3237116351E8F
                                                                                                                                                                                                                            SHA1:0C15CEA3C83C7F7E692DC6F8BD856B615C727D49
                                                                                                                                                                                                                            SHA-256:966A7F15BFB2E0FF7888D583638EBD675D8F46B264194CF332F78140B7C129E1
                                                                                                                                                                                                                            SHA-512:664F72D7ADF48F8499321F8A5DF952C6043532AAE09BAE9FFBD59DA77B161CD43211A3AAEF1BA85529DFE00498D1AC3A933A7C9CF437095C6A337C9BC0816B3F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20360
                                                                                                                                                                                                                            Entropy (8bit):6.973623049512662
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:4QWEhWJC2Jq0GftpBj+WU9ERHRN7LlgHrIQ3m:4WyLiC9EBMrIf
                                                                                                                                                                                                                            MD5:01370C79EBABD534E7B58D35072D2866
                                                                                                                                                                                                                            SHA1:8CD0CD21FF838A2A314246DEF4BD858BAB184A5D
                                                                                                                                                                                                                            SHA-256:742BB9BF4C232F84AD8008AF4AF8EDA7A1EC3EB76F05D9D7EBB95F6A5CABD2D8
                                                                                                                                                                                                                            SHA-512:B07D9634AC804B476D61B6A0FC87894947E88744CC3EECF7D68EDE3714ACD938FAE14452E43F9110919B8F8F9F5D4222E9DE2CA97A915DD07B3231D674729761
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):19856
                                                                                                                                                                                                                            Entropy (8bit):7.051566271525755
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:b9DWEhWIy36q0GftpBjyK5ERHRN7WlgHrIQsa:NEkizEBTrI7a
                                                                                                                                                                                                                            MD5:BACB72FA56DE18D5AC63E4A0A3FE768F
                                                                                                                                                                                                                            SHA1:7DB19EFE649D30337781AFD62616C0549255046E
                                                                                                                                                                                                                            SHA-256:25905676B543C4F05E9DAE135F929C03A57686A6941CE59BE2B3450521FEB943
                                                                                                                                                                                                                            SHA-512:78D82962C11E5928E77C5BD0377ECB6B00C2ECA242D637F76E68FBF907BCE7381F3A5294100D055C30F6E2AEE164DB0B95DCF0C0C77E39EDCEC4A046CFC63ED4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):28552
                                                                                                                                                                                                                            Entropy (8bit):6.654016239428645
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:FZVacWM4Oe59Ckb1hgmLiWEhWXy36q0GftpBjbERHRN7RlgHrIQE+:FZVJWMq59Bb1jQ9ki5EBqrIT+
                                                                                                                                                                                                                            MD5:85893A96A568BA9781F50F876ED303CD
                                                                                                                                                                                                                            SHA1:FB7473BC5B1E88E978B7E5664B45D69770C8F4FA
                                                                                                                                                                                                                            SHA-256:08E34F12DE24E89379A0533F21A23CE6FECBEA05D4062796D4FFD4ADC3012316
                                                                                                                                                                                                                            SHA-512:864FA39423B8CA9C43FA177ACA1484EC2FFAE4868A434E7A8016EFE88F396B67FB8CA3766F611DE7218E9983653A8B7B88B07C2591B252DD93A0D9638980E7FF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20376
                                                                                                                                                                                                                            Entropy (8bit):6.990619239924047
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:OitIlWEhWHy36q0GftpBj05MrERHRN7lQkklfgOBU/Ux:v6dkiomEBPW2Ux
                                                                                                                                                                                                                            MD5:9EE275466394A2088D7DFBBC0C716671
                                                                                                                                                                                                                            SHA1:4D2F94674587251C60805889395AB7377E8C5E17
                                                                                                                                                                                                                            SHA-256:C68A61C260454C0AEB051DDB2BED52CBCA44B96D50046017CBC351B41F225DC0
                                                                                                                                                                                                                            SHA-512:996212D07B0B6E55F54E17D6A053F017B1FD00F50906DB9DE25B8AE5632EEAC9C197E91DB1C293E7ABF0E8B823937CB18E26F43E166F76C02A6914C9776A72B3
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):23960
                                                                                                                                                                                                                            Entropy (8bit):6.8615759821856575
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:E42r77WEhW+y36q0GftpBjLleERHRN7lXMl8tazs:E42r7DSkiNleEBzt9
                                                                                                                                                                                                                            MD5:55B80C522731ECB92914BF9CDED028C2
                                                                                                                                                                                                                            SHA1:424C61BC659CAF04281959EDE1B1F03B703934ED
                                                                                                                                                                                                                            SHA-256:4C787FF8D40BB803E75FE6218FEC36A672CFA6CFC7F6E80E68A7EB0B77A10E5A
                                                                                                                                                                                                                            SHA-512:3779B530C7DBA624369CB0F5D15154D89547ADC3C4C7CC0571F1E8326588165098B9B5768D0052ECF1EA4F2DC84AE7DCF4712E3BC9EBDADB5FCA4B0F4DE43812
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):25480
                                                                                                                                                                                                                            Entropy (8bit):6.8150529690105115
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:u3vAmiFVhFWEhW/y36q0GftpBjpq+cpfERHRN7ulZwHcP1:cvYjNki5eEBSwu
                                                                                                                                                                                                                            MD5:4614D03A94D46C0E9D1C5D96A3FE1D78
                                                                                                                                                                                                                            SHA1:CACB73CA3C7E31A4B8F749854060B7A422497050
                                                                                                                                                                                                                            SHA-256:C7919BE431CE2FA1906FF9EEB19E4CB19A30A4680107EF8737CE894654B21A5A
                                                                                                                                                                                                                            SHA-512:4F30E8C5893662D7889A049C206B08559AD1A34EB7927BE313086D6DAE40DCA3571DE3852DBA2AD9324E028FA86E8A391A58EC48BA5DBD5C4A88660FFE8B30DF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):25496
                                                                                                                                                                                                                            Entropy (8bit):6.809287749827101
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:a5yguNvZ5VQgx3SbwA71IkFZjkiJ9EBj8r95j:a5yguNvZ5VQgx3SbwA71Iijkm9EBwx5
                                                                                                                                                                                                                            MD5:7A2799F4BC45505E7104E06DC8E254F8
                                                                                                                                                                                                                            SHA1:323BC35E0101B351A4ABDE1FCE698520832518A8
                                                                                                                                                                                                                            SHA-256:92F72F495A6897F7D7CF2C2064B2B65F6B4FBD4F30911A534A5CD0DE73395EBE
                                                                                                                                                                                                                            SHA-512:2627DA183779F17FCC9709A6DA2E2916A296F61124ADB9BF563C80D723ADA9B769806CAB8FBC4ED916F54FD4CDE18F25E7AD53ED6C75E7E61FDEF37C2F1EC9B2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):21896
                                                                                                                                                                                                                            Entropy (8bit):6.938332058802964
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:OPEzaWEhWIZC2Jq0GftpBjxERHRN71YXlgHrIQD:E0YPLi7EB3rI2
                                                                                                                                                                                                                            MD5:38B633F132F8E2B3ABC268537FA415EC
                                                                                                                                                                                                                            SHA1:CCCCB8C3E31DCE7B6B952022D245C11FF3AE8122
                                                                                                                                                                                                                            SHA-256:46CB7B3A9F8AAC5ADCDBE23494E458F3195ADF4B8ED1C71F2D934DDDE651E57E
                                                                                                                                                                                                                            SHA-512:23BD77D61C20B1AF7F13B5BCBEB9FA74EE807F809BB3D4DD40C7709CA4870078FA6E8E94EEFC83A725C0245C0CE02E3ADBD4F370D6B986F0C9442CCBC2C2AB96
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20928
                                                                                                                                                                                                                            Entropy (8bit):4.525945528506043
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:evbjfHQduLWBhWVWYnO/VWQ4uWM6cA5E8qnajTw+CCevq:UfFWBhWFUix5E8lvwDDq
                                                                                                                                                                                                                            MD5:E79464524FBC2C266DA52D0A903D85D3
                                                                                                                                                                                                                            SHA1:6BAD715617992277751A8DDFC180BA291BA75D59
                                                                                                                                                                                                                            SHA-256:6C78D4ABA91877C5BB33E545B6A69A818F377E07FF62E791B804FA5B4D2BCF02
                                                                                                                                                                                                                            SHA-512:DEF71789E238ECD3B2D68DBD204ACC62537AD39CE50A5BF09F320FC8CACC1B3F561822784D006AB2145EAB5AB7BE3F74C1C773FBE814EFA040A1DBB3FFA6744E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1852021
                                                                                                                                                                                                                            Entropy (8bit):5.576123239051486
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:mQR5pATG8/R5lUKdcubgAnyPb6l2X0iwh6E+dmzNPaaMVTC+dWwhcHHY:mQR5pE/R/2vN8+ww1
                                                                                                                                                                                                                            MD5:EA42C63637A86AFC5C6C2A8A6BD39754
                                                                                                                                                                                                                            SHA1:8E1C44CF9E0B05FFEB3A5B52BCA6B0B505D3CB6C
                                                                                                                                                                                                                            SHA-256:C7EB35EEBE6C8E3FD311B1EE5FF1EE6D70AF2D6200782E7D14E61C0958E924BC
                                                                                                                                                                                                                            SHA-512:E124389DBD00E7F9209A324331BB80F860432A3E2CF3217404349F6A2BB085EC9326E0763B0D2B64BB1063A7BD157C006D715BB4F1ABBE5B751278C0B62C454B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):299427
                                                                                                                                                                                                                            Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                            MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                            SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                            SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                            SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                            Entropy (8bit):4.673454313041419
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:KG+p72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFliHUWQcX6g8cim1qeSju1:A2HzzU2bRYoeLHkcqgvimoe
                                                                                                                                                                                                                            MD5:723EC2E1404AE1047C3EF860B9840C29
                                                                                                                                                                                                                            SHA1:8FC869B92863FB6D2758019DD01EDBEF2A9A100A
                                                                                                                                                                                                                            SHA-256:790A11AA270523C2EFA6021CE4F994C3C5A67E8EAAAF02074D5308420B68BD94
                                                                                                                                                                                                                            SHA-512:2E323AE5B816ADDE7AAA14398F1FDB3EFE15A19DF3735A604A7DB6CADC22B753046EAB242E0F1FBCD3310A8FBB59FF49865827D242BAF21F44FD994C3AC9A878
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):119296
                                                                                                                                                                                                                            Entropy (8bit):5.872097486056729
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:OzgMw0g+m/+rxC9Jtd960WsCyqPD1/bZMlDML48Be9zGTVmZRJIRbvB:OsTH+VC9Jtd9VdCr7fMp/8yGTVmzmZ
                                                                                                                                                                                                                            MD5:9EA8098D31ADB0F9D928759BDCA39819
                                                                                                                                                                                                                            SHA1:E309C85C1C8E6CE049EEA1F39BEE654B9F98D7C5
                                                                                                                                                                                                                            SHA-256:3D9893AA79EFD13D81FCD614E9EF5FB6AAD90569BEEDED5112DE5ED5AC3CF753
                                                                                                                                                                                                                            SHA-512:86AF770F61C94DFBF074BCC4B11932BBA2511CAA83C223780112BDA4FFB7986270DC2649D4D3EA78614DBCE6F7468C8983A34966FC3F2DE53055AC6B5059A707
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5440
                                                                                                                                                                                                                            Entropy (8bit):5.074342830021076
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:DlaQIUQIhQIKQILbQIRIaMPktjaVxsxA2TtLDmplH7dwnqTIvrUmA0JQTQCQx5KN:LcPuP1srTtLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                                                            MD5:554DC6138FDBF98B7F1EDFE207AF3D67
                                                                                                                                                                                                                            SHA1:B6C806E2AFF9A0F560916A90F793348DBF0514BA
                                                                                                                                                                                                                            SHA-256:0064A9B5FD2AC18605E512EF7127318AD9CF259E9445488C169F237A590602E1
                                                                                                                                                                                                                            SHA-512:3A71B533874F4D0F94F15192791D2FA4DF9E8EBF184C711F1D4FA97230C04764C1C9A93258355B08107E5B72053C6901E883E3DB577E8A204D5B9EB3F8BC7BFC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.1.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):15579
                                                                                                                                                                                                                            Entropy (8bit):5.567690749632252
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:bX1Tojoz5jF4ELZVhXau4WPE6FGotqw++NX6in55qw/n+B:bXejohCEJaiPE6FGotqw++96in5+B
                                                                                                                                                                                                                            MD5:850C89F8185D4BD3C91322CED9FF0941
                                                                                                                                                                                                                            SHA1:585713DC0113561CEFD4D2003E9ABBB7FA175077
                                                                                                                                                                                                                            SHA-256:059F4DD4D777F49808924B27DB2B7F7F413DB91729A42F7CD5F10C605AA211CF
                                                                                                                                                                                                                            SHA-512:4DBFAD178A7496CA853951261FD15D99F27D102BAB15EA883FBBD896CA4248B3876DB85E9C25F0D1BB81A741AFE018E16D31AAF23D53EBFCFE893ADDF59AC31E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:cryptography-43.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.1.dist-info/METADATA,sha256=AGSptf0qwYYF5RLvcScxitnPJZ6URUiMFp8jelkGAuE,5440..cryptography-43.0.1.dist-info/RECORD,,..cryptography-43.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-43.0.1.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.1.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.1.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.1.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=pY_pmYXjJTK-LjfCu7ot0NMj0QC2dkD1dCPyV8QjISM,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-311.pyc,,..cryptography/__pycache__/__ini
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):94
                                                                                                                                                                                                                            Entropy (8bit):5.016084900984752
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                                                                                                                                                                                            MD5:C869D30012A100ADEB75860F3810C8C9
                                                                                                                                                                                                                            SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                                                                                                                                                                                            SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                                                                                                                                                                                            SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):197
                                                                                                                                                                                                                            Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                            MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                            SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                            SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                            SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):11360
                                                                                                                                                                                                                            Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                            MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                            SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                            SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                            SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1532
                                                                                                                                                                                                                            Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                            MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                            SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                            SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                            SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):7900672
                                                                                                                                                                                                                            Entropy (8bit):6.519460416205842
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:Hvisa2OcIo0UYN1YA2sBCT7I0XIU6iOGtlqNVwASO0AIjoI+b0vjemXSKSDhxlT3:Pi/2PTYDBCT7NY+gTNxY7GbdJ295x
                                                                                                                                                                                                                            MD5:81AD4F91BB10900E3E2E8EAF917F42C9
                                                                                                                                                                                                                            SHA1:840F7AEF02CDA6672F0E3FC7A8D57F213DDD1DC6
                                                                                                                                                                                                                            SHA-256:5F20D6CEC04685075781996A9F54A78DC44AB8E39EB5A2BCF3234E36BEF4B190
                                                                                                                                                                                                                            SHA-512:11CD299D6812CDF6F0A74BA86EB44E9904CE4106167EBD6E0B81F60A5FCD04236CEF5CFF81E51ED391F5156430663056393DC07353C4A70A88024194768FFE9D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5191960
                                                                                                                                                                                                                            Entropy (8bit):5.962142634441191
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                                                            MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                                                            SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                                                            SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                                                            SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):39696
                                                                                                                                                                                                                            Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                            MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                            SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                            SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                            SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):787224
                                                                                                                                                                                                                            Entropy (8bit):5.609561366841894
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                                                            MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                                                            SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                                                            SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                                                            SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):67352
                                                                                                                                                                                                                            Entropy (8bit):6.146376482841349
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:iw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJSv:F/5k8cnzeJfRIbL0D7SyZxEL
                                                                                                                                                                                                                            MD5:35DA4143951C5354262A28DEE569B7B2
                                                                                                                                                                                                                            SHA1:B07CB6B28C08C012EECB9FD7D74040163CDF4E0E
                                                                                                                                                                                                                            SHA-256:920350A7C24C46339754E38D0DB34AB558E891DA0B3A389D5230A0D379BEE802
                                                                                                                                                                                                                            SHA-512:2976667732F9EE797B7049D86FD9BEEB05409ADB7B89E3F5B1C875C72A4076CF65C762632B7230D7F581C052FCE65BB91C1614C9E3A52A738051C3BC3D167A23
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5789464
                                                                                                                                                                                                                            Entropy (8bit):6.087003733819531
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:7KUvq5S8qfFIbGoSieBCZjze3eWVWhQNkGDiUWmtAoaOvi26g2je7wkUB3AO1Fp6:7KUvq1quUqjTPGzuvihAs2oH9M8I9URf
                                                                                                                                                                                                                            MD5:D06DA79BFD21BB355DC3E20E17D3776C
                                                                                                                                                                                                                            SHA1:610712E77F80D2507FFE85129BFEB1FF72FA38BF
                                                                                                                                                                                                                            SHA-256:2835E0F24FB13EF019608B13817F3ACF8735FBC5F786D00501C4A151226BDFF1
                                                                                                                                                                                                                            SHA-512:E4DD839C18C95B847B813FFD0CA81823048D9B427E5DCF05F4FBE0D77B8F7C8A4BD1C67C106402CD1975BC20A8EC1406A38AD4764AB466EF03CB7EB1F431C38A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):30488
                                                                                                                                                                                                                            Entropy (8bit):6.583657920209147
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:jeUeWEHqTG+RIbQGC5YiSyvkki+AMxkEGu:jeUeWEKTG+RIbQGg7Sy/rxyu
                                                                                                                                                                                                                            MD5:E07AE2F7F28305B81ADFD256716AE8C6
                                                                                                                                                                                                                            SHA1:9222CD34C14A116E7B9B70A82F72FC523EF2B2F6
                                                                                                                                                                                                                            SHA-256:FB06AC13F8B444C3F7AE5D2AF15710A4E60A126C3C61A1F1E1683F05F685626C
                                                                                                                                                                                                                            SHA-512:ACB143194CA465936A48366265AE3E11A2256AEAE333C576C8C74F8ED9B60987DAFF81647AEF74E236B30687A28BC7E3AA21C6AEDBFA47B1501658A2BFD117B4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1044880
                                                                                                                                                                                                                            Entropy (8bit):6.646904878375534
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:ZsKxVJ/pRRK0Y/9f5rl4NbpjONcncvE4mxvSZX0yp49H:OKxDPHQ5rlQBvhV
                                                                                                                                                                                                                            MD5:5CE1730D8C2B332C2285902BC53AC5C4
                                                                                                                                                                                                                            SHA1:28DA42431AC9F358FCDDE9C81B9554E773B1A3F4
                                                                                                                                                                                                                            SHA-256:7A446ABE717BE7AEC33FA31F5864C293E408D4B48CD5DEFA13212A207A9E5E87
                                                                                                                                                                                                                            SHA-512:33327E4751D5A1B496CD88A4F8C76B79D63BAAF15E3E3843E09E9DC32B8ACD86FEF8E09FABC4498D64354A79D63E0364D3909FDD6933F75E548A07489B9CA4F6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1141016
                                                                                                                                                                                                                            Entropy (8bit):5.435118418691938
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:iYPYbfjwR6nb8onRiPDjRrO5184EPYPx++ZiLKGZ5KXyVH4eDq97:iaYbM90IDJcjEwPgPOG6Xyd46q97
                                                                                                                                                                                                                            MD5:5CC36A5DE45A2C16035ADE016B4348EB
                                                                                                                                                                                                                            SHA1:35B159110E284B83B7065D2CFF0B5EF4CCFA7BF1
                                                                                                                                                                                                                            SHA-256:F28AC3E3AD02F9E1D8B22DF15FA30B2190B080261A9ADC6855248548CD870D20
                                                                                                                                                                                                                            SHA-512:9CCCBF81E80C32976B7B2E0E3978E8F7350CCE542356131B24EBAB34B256EFD44643D41EE4B2994B9152C2E5AF302AA182A1889C99605140F47494A501EF46C1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):650752
                                                                                                                                                                                                                            Entropy (8bit):6.4073215909095005
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:rbTutDqcmbgSZZ/jZMaBHXD/OHHSAU1gIkpWCuMshv9K1HFV1jBjgG4LFxJY/1n:rfrcmsSHBHXiSArRENMivwF1jdgs/1n
                                                                                                                                                                                                                            MD5:A19B5E6324D1A6A9FD99C98FE7B83FE2
                                                                                                                                                                                                                            SHA1:4E3E56754A3C46C661EF591A4B5A5985BD4F6B85
                                                                                                                                                                                                                            SHA-256:3ED00BB5876EAFA617BEBB213D2BC887B5637C53C4A849FCC2366084BF056787
                                                                                                                                                                                                                            SHA-512:5975F90036CB7D3013FC6815F2C372EB9B89AF6C8153D1770EBBD70BF5B61E3B12DEFA3D7A4CCD364BD6A978B2879A15801D2AEC8BAD9221CA15DFFC9B7BA929
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):519680
                                                                                                                                                                                                                            Entropy (8bit):6.407145343537454
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:n5vDYEvt0Fwyow0k1rErp645rtxvi1gRNg5sXgz0:npBvt0Fw9fk1rErQ45rt5RNZ
                                                                                                                                                                                                                            MD5:56DB4A861AEC914A860461DEDCDCA0A0
                                                                                                                                                                                                                            SHA1:8535A8C9EAC371A54308795A8BBE89414933E035
                                                                                                                                                                                                                            SHA-256:6AB611C4A24406D9D97F09D49D50142AB2734B69A2B0D9EA6489E4AF90C4A2A4
                                                                                                                                                                                                                            SHA-512:600A21666E9ED334DE5B4B17F60136434EE485C80F9740E6085E24EF95CA5376E6223A54C6B1C8F12987EDAB5D89AF9676CC12E2A335F4C4E9AB79DFEF8E4B90
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Entropy (8bit):7.994718615690012
                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                            • Win64 Executable Console (202006/5) 77.37%
                                                                                                                                                                                                                            • InstallShield setup (43055/19) 16.49%
                                                                                                                                                                                                                            • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.77%
                                                                                                                                                                                                                            File name:GV7DzNoqCI.exe
                                                                                                                                                                                                                            File size:13'108'334 bytes
                                                                                                                                                                                                                            MD5:6f4d9644a0db30c5961cc6716912e10c
                                                                                                                                                                                                                            SHA1:8cee9bf225613f57e963368ad598260790446df0
                                                                                                                                                                                                                            SHA256:621647c8bb5f6b42caa1de9898312f19f62ad80ae36cfc24a621fc2ec6454a42
                                                                                                                                                                                                                            SHA512:453142f89b6a03a4817c0bbfd6f4387cd651695c3fd4fb053084c21fcdf9d2b3084d561f93233b0d3ddcc76ae170abc6e68bc71ea192aa28ad5503eb46411de3
                                                                                                                                                                                                                            SSDEEP:393216:wVVhZ2YsHFUK2Jn1+TtIiFo/Wh8yi9mPDnaXd:ULZ2YwUlJn1QtIN/68yZDaXd
                                                                                                                                                                                                                            TLSH:33D633A9A3B118E8C8AE803DD1DAC185EBA17CD677E5C58F27D81B130F575918E3F602
                                                                                                                                                                                                                            Icon Hash:2e1e7c4c4c61e979
                                                                                                                                                                                                                            Entrypoint:0x14000a6a0
                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                                                                                            Subsystem:windows cui
                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                            Time Stamp:0x671C2E35 [Fri Oct 25 23:48:05 2024 UTC]
                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                            OS Version Major:5
                                                                                                                                                                                                                            OS Version Minor:2
                                                                                                                                                                                                                            File Version Major:5
                                                                                                                                                                                                                            File Version Minor:2
                                                                                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                                                                                            Subsystem Version Minor:2
                                                                                                                                                                                                                            Import Hash:ba5546933531fafa869b1f86a4e2a959
                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 28h
                                                                                                                                                                                                                            call 00007F7C10DD1E9Ch
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            add esp, 28h
                                                                                                                                                                                                                            jmp 00007F7C10DD1A9Fh
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 28h
                                                                                                                                                                                                                            call 00007F7C10DD23E4h
                                                                                                                                                                                                                            test eax, eax
                                                                                                                                                                                                                            je 00007F7C10DD1C53h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov eax, dword ptr [00000030h]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                                            jmp 00007F7C10DD1C37h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            cmp ecx, eax
                                                                                                                                                                                                                            je 00007F7C10DD1C46h
                                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            cmpxchg dword ptr [00041E8Ch], ecx
                                                                                                                                                                                                                            jne 00007F7C10DD1C20h
                                                                                                                                                                                                                            xor al, al
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            add esp, 28h
                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                            mov al, 01h
                                                                                                                                                                                                                            jmp 00007F7C10DD1C29h
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            inc eax
                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 20h
                                                                                                                                                                                                                            movzx eax, byte ptr [00041E77h]
                                                                                                                                                                                                                            test ecx, ecx
                                                                                                                                                                                                                            mov ebx, 00000001h
                                                                                                                                                                                                                            cmove eax, ebx
                                                                                                                                                                                                                            mov byte ptr [00041E67h], al
                                                                                                                                                                                                                            call 00007F7C10DD21E3h
                                                                                                                                                                                                                            call 00007F7C10DD3312h
                                                                                                                                                                                                                            test al, al
                                                                                                                                                                                                                            jne 00007F7C10DD1C36h
                                                                                                                                                                                                                            xor al, al
                                                                                                                                                                                                                            jmp 00007F7C10DD1C46h
                                                                                                                                                                                                                            call 00007F7C10DE06F1h
                                                                                                                                                                                                                            test al, al
                                                                                                                                                                                                                            jne 00007F7C10DD1C3Bh
                                                                                                                                                                                                                            xor ecx, ecx
                                                                                                                                                                                                                            call 00007F7C10DD3322h
                                                                                                                                                                                                                            jmp 00007F7C10DD1C1Ch
                                                                                                                                                                                                                            mov al, bl
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            add esp, 20h
                                                                                                                                                                                                                            pop ebx
                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            inc eax
                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 20h
                                                                                                                                                                                                                            cmp byte ptr [00041E2Ch], 00000000h
                                                                                                                                                                                                                            mov ebx, ecx
                                                                                                                                                                                                                            jne 00007F7C10DD1C99h
                                                                                                                                                                                                                            cmp ecx, 01h
                                                                                                                                                                                                                            jnbe 00007F7C10DD1C9Ch
                                                                                                                                                                                                                            call 00007F7C10DD234Ah
                                                                                                                                                                                                                            test eax, eax
                                                                                                                                                                                                                            je 00007F7C10DD1C5Ah
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3bb94 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0xf004 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x20e8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x62000 | 0x75c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39350 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39210 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x350 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x28890 | 0x28a00 | 7c71956ea75242f33df45f4d2c19a4d8 | False | 0.5562019230769231 | zlib compressed data | 6.489977853279916 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2a000 | 0x1271a | 0x12800 | 3fbb4ae9da19e28261813f9cd4d59136 | False | 0.515941722972973 | data | 5.84627245023631 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3d000 | 0x103f8 | 0xe00 | 9bd2cebaa3285e8e266c4c373a15119d | False | 0.13337053571428573 | DOS executable (block device driver \377\3) | 1.808915577448681 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x4e000 | 0x20e8 | 0x2200 | f2a57235499cb8c84daf2de6f18a85eb | False | 0.4756433823529412 | data | 5.330974160786823 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x51000 | 0x15c | 0x200 | 32c20bb907888de565d4d8836d097016 | False | 0.392578125 | data | 2.795351059303424 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x52000 | 0xf004 | 0xf200 | 1ab3512333bf10a0c6fc66b2cb2093a4 | False | 0.7950025826446281 | data | 7.356246179782812 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x62000 | 0x75c | 0x800 | b7279c82d58eeae8dc663879402c6f2e | False | 0.54296875 | data | 5.238892234772638 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x52208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 |  |  | 0.56636460554371
RT_ICON | 0x530b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 |  |  | 0.7287906137184116
RT_ICON | 0x53958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 |  |  | 0.7471098265895953
RT_ICON | 0x53ec0 | 0x909b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9971636186822983
RT_ICON | 0x5cf5c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 |  |  | 0.38309128630705397
RT_ICON | 0x5f504 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 |  |  | 0.4826454033771107
RT_ICON | 0x605ac | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 |  |  | 0.699468085106383
RT_GROUP_ICON | 0x60a14 | 0x68 | data |  |  | 0.7019230769230769
RT_MANIFEST | 0x60a7c | 0x587 | XML 1.0 document, ASCII text, with CRLF line terminators |  |  | 0.44593639575971733
DLL | Import
KERNEL32.dll | GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, WriteConsoleW, GetProcAddress, GetModuleFileNameW, SetDllDirectoryW, FreeLibrary, GetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, HeapReAlloc, GetFileAttributesExW, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, SetEndOfFile
ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 13:20:22.734834909 CET | 55693 | 53 | 192.168.2.4 | 1.1.1.1
Dec 18, 2024 13:20:22.872891903 CET | 53 | 55693 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 13:20:22.734834909 CET | 192.168.2.4 | 1.1.1.1 | 0xb8a3 | Standard query (0) | ssh.0523qyfw.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 13:19:50.859011889 CET | 1.1.1.1 | 192.168.2.4 | 0xccb9 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 13:19:50.859011889 CET | 1.1.1.1 | 192.168.2.4 | 0xccb9 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.58.100 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:19:50.859011889 CET | 1.1.1.1 | 192.168.2.4 | 0xccb9 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.58.98 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:19:50.859011889 CET | 1.1.1.1 | 192.168.2.4 | 0xccb9 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.58.101 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:19:50.859011889 CET | 1.1.1.1 | 192.168.2.4 | 0xccb9 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.58.99 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:19:55.101881027 CET | 1.1.1.1 | 192.168.2.4 | 0xdf51 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 13:19:55.101881027 CET | 1.1.1.1 | 192.168.2.4 | 0xdf51 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:20:22.872891903 CET | 1.1.1.1 | 192.168.2.4 | 0xb8a3 | Name error (3) | ssh.0523qyfw.com | none | none | A (IP address) | IN (0x0001) | false


                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                            Start time:07:20:15
                                                                                                                                                                                                                            Start date:18/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\GV7DzNoqCI.exe"
                                                                                                                                                                                                                            Imagebase:0x7ff7f77e0000
                                                                                                                                                                                                                            File size:13'108'334 bytes
                                                                                                                                                                                                                            MD5 hash:6F4D9644A0DB30C5961CC6716912E10C
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                            Start time:07:20:15
                                                                                                                                                                                                                            Start date:18/12/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                            Start time:07:20:17
                                                                                                                                                                                                                            Start date:18/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\GV7DzNoqCI.exe"
                                                                                                                                                                                                                            Imagebase:0x7ff7f77e0000
                                                                                                                                                                                                                            File size:13'108'334 bytes
                                                                                                                                                                                                                            MD5 hash:6F4D9644A0DB30C5961CC6716912E10C
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:12.3%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:16.8%
                                                                                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                                                                                              Total number of Limit Nodes:67
15856->15824 15856->15825 15856->15828 15857->15852 15857->15856 15860 7ff7f77f19e8 15857->15860 15864 7ff7f77f2614 15857->15864 15890 7ff7f77f1ea4 15857->15890 15920 7ff7f77f120c 15857->15920 15923 7ff7f77f3830 15857->15923 15862 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 15860->15862 15862->15852 15865 7ff7f77f2656 15864->15865 15866 7ff7f77f26c9 15864->15866 15869 7ff7f77f265c 15865->15869 15872 7ff7f77f26f3 15865->15872 15867 7ff7f77f2723 15866->15867 15868 7ff7f77f26ce 15866->15868 15867->15872 15881 7ff7f77f2732 15867->15881 15888 7ff7f77f268c 15867->15888 15870 7ff7f77f2703 15868->15870 15871 7ff7f77f26d0 15868->15871 15877 7ff7f77f2661 15869->15877 15869->15881 15954 7ff7f77efd40 15870->15954 15874 7ff7f77f2671 15871->15874 15880 7ff7f77f26df 15871->15880 15947 7ff7f77f0150 15872->15947 15889 7ff7f77f2761 15874->15889 15929 7ff7f77f2f78 15874->15929 15877->15874 15879 7ff7f77f26a4 15877->15879 15877->15888 15879->15889 15939 7ff7f77f3434 15879->15939 15880->15872 15882 7ff7f77f26e4 15880->15882 15881->15889 15961 7ff7f77f0560 15881->15961 15882->15889 15943 7ff7f77f35cc 15882->15943 15884 7ff7f77ea100 _wfindfirst32i64 8 API calls 15886 7ff7f77f29f7 15884->15886 15886->15857 15888->15889 15968 7ff7f77fdb60 15888->15968 15889->15884 15891 7ff7f77f1ec5 15890->15891 15892 7ff7f77f1eaf 15890->15892 15893 7ff7f77f1f03 15891->15893 15894 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 15891->15894 15892->15893 15895 7ff7f77f2656 15892->15895 15896 7ff7f77f26c9 15892->15896 15893->15857 15894->15893 15897 7ff7f77f26f3 15895->15897 15898 7ff7f77f265c 15895->15898 15899 7ff7f77f2723 15896->15899 15900 7ff7f77f26ce 15896->15900 15903 7ff7f77f0150 38 API calls 15897->15903 15907 7ff7f77f2661 15898->15907 15909 7ff7f77f2732 15898->15909 15899->15897 15899->15909 15918 7ff7f77f268c 15899->15918 15901 7ff7f77f2703 15900->15901 15902 7ff7f77f26d0 15900->15902 15905 7ff7f77efd40 38 API calls 15901->15905 15904 7ff7f77f2671 15902->15904 15911 7ff7f77f26df 
15902->15911 15903->15918 15906 7ff7f77f2f78 47 API calls 15904->15906 15919 7ff7f77f2761 15904->15919 15905->15918 15906->15918 15907->15904 15908 7ff7f77f26a4 15907->15908 15907->15918 15912 7ff7f77f3434 47 API calls 15908->15912 15908->15919 15910 7ff7f77f0560 38 API calls 15909->15910 15909->15919 15910->15918 15911->15897 15913 7ff7f77f26e4 15911->15913 15912->15918 15915 7ff7f77f35cc 37 API calls 15913->15915 15913->15919 15914 7ff7f77ea100 _wfindfirst32i64 8 API calls 15916 7ff7f77f29f7 15914->15916 15915->15918 15916->15857 15917 7ff7f77fdb60 47 API calls 15917->15918 15918->15917 15918->15919 15919->15914 16053 7ff7f77ef314 15920->16053 15924 7ff7f77f3847 15923->15924 16070 7ff7f77fccc0 15924->16070 15930 7ff7f77f2f9a 15929->15930 15978 7ff7f77ef180 15930->15978 15935 7ff7f77f3830 45 API calls 15938 7ff7f77f30d7 15935->15938 15936 7ff7f77f3830 45 API calls 15937 7ff7f77f3160 15936->15937 15937->15888 15938->15936 15938->15937 15938->15938 15940 7ff7f77f344c 15939->15940 15942 7ff7f77f34b4 15939->15942 15941 7ff7f77fdb60 47 API calls 15940->15941 15940->15942 15941->15942 15942->15888 15946 7ff7f77f35ed 15943->15946 15944 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 15945 7ff7f77f361e 15944->15945 15945->15888 15946->15944 15946->15945 15948 7ff7f77f0183 15947->15948 15949 7ff7f77f01b2 15948->15949 15951 7ff7f77f026f 15948->15951 15950 7ff7f77ef180 12 API calls 15949->15950 15953 7ff7f77f01ef 15949->15953 15950->15953 15952 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 15951->15952 15952->15953 15953->15888 15955 7ff7f77efd73 15954->15955 15956 7ff7f77efda2 15955->15956 15958 7ff7f77efe5f 15955->15958 15957 7ff7f77ef180 12 API calls 15956->15957 15960 7ff7f77efddf 15956->15960 15957->15960 15959 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 15958->15959 15959->15960 15960->15888 15962 7ff7f77f0593 15961->15962 15963 7ff7f77f05c2 15962->15963 15965 7ff7f77f067f 15962->15965 15964 7ff7f77ef180 12 API calls 15963->15964 15967 7ff7f77f05ff 
15963->15967 15964->15967 15966 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 15965->15966 15966->15967 15967->15888 15969 7ff7f77fdb88 15968->15969 15970 7ff7f77fdbcd 15969->15970 15972 7ff7f77f3830 45 API calls 15969->15972 15974 7ff7f77fdb8d memcpy_s 15969->15974 15977 7ff7f77fdbb6 memcpy_s 15969->15977 15970->15974 15970->15977 16050 7ff7f77ff138 15970->16050 15971 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 15971->15974 15972->15970 15974->15888 15977->15971 15977->15974 15979 7ff7f77ef1b7 15978->15979 15985 7ff7f77ef1a6 15978->15985 15980 7ff7f77fcc2c _fread_nolock 12 API calls 15979->15980 15979->15985 15981 7ff7f77ef1e4 15980->15981 15982 7ff7f77ef1f8 15981->15982 15983 7ff7f77f9f78 __free_lconv_mon 11 API calls 15981->15983 15984 7ff7f77f9f78 __free_lconv_mon 11 API calls 15982->15984 15983->15982 15984->15985 15986 7ff7f77fd878 15985->15986 15987 7ff7f77fd895 15986->15987 15988 7ff7f77fd8c8 15986->15988 15989 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 15987->15989 15988->15987 15990 7ff7f77fd8fa 15988->15990 15997 7ff7f77f30b5 15989->15997 15998 7ff7f77fda0d 15990->15998 16003 7ff7f77fd942 15990->16003 15991 7ff7f77fdaff 16041 7ff7f77fcd64 15991->16041 15993 7ff7f77fdac5 16034 7ff7f77fd0fc 15993->16034 15995 7ff7f77fda94 16027 7ff7f77fd3dc 15995->16027 15997->15935 15997->15938 15998->15991 15998->15993 15998->15995 15999 7ff7f77fda57 15998->15999 16000 7ff7f77fda4d 15998->16000 16017 7ff7f77fd60c 15999->16017 16000->15993 16002 7ff7f77fda52 16000->16002 16002->15995 16002->15999 16003->15997 16008 7ff7f77f930c 16003->16008 16006 7ff7f77f9f30 _wfindfirst32i64 17 API calls 16007 7ff7f77fdb5c 16006->16007 16009 7ff7f77f9323 16008->16009 16010 7ff7f77f9319 16008->16010 16011 7ff7f77f6088 _wfindfirst32i64 11 API calls 16009->16011 16010->16009 16015 7ff7f77f933e 16010->16015 16012 7ff7f77f932a 16011->16012 16014 7ff7f77f9f10 _invalid_parameter_noinfo 37 API calls 16012->16014 16013 7ff7f77f9336 16013->15997 16013->16006 16014->16013 
16015->16013 16016 7ff7f77f6088 _wfindfirst32i64 11 API calls 16015->16016 16016->16012 16018 7ff7f780324c 38 API calls 16017->16018 16019 7ff7f77fd659 16018->16019 16020 7ff7f7802c94 37 API calls 16019->16020 16021 7ff7f77fd6b4 16020->16021 16022 7ff7f77fd709 16021->16022 16024 7ff7f77fd6d4 16021->16024 16026 7ff7f77fd6b8 16021->16026 16023 7ff7f77fd1f8 45 API calls 16022->16023 16023->16026 16024->16024 16025 7ff7f77fd4b4 45 API calls 16024->16025 16025->16026 16026->15997 16028 7ff7f780324c 38 API calls 16027->16028 16029 7ff7f77fd426 16028->16029 16030 7ff7f7802c94 37 API calls 16029->16030 16031 7ff7f77fd476 16030->16031 16032 7ff7f77fd47a 16031->16032 16033 7ff7f77fd4b4 45 API calls 16031->16033 16032->15997 16033->16032 16035 7ff7f780324c 38 API calls 16034->16035 16036 7ff7f77fd147 16035->16036 16037 7ff7f7802c94 37 API calls 16036->16037 16038 7ff7f77fd19f 16037->16038 16039 7ff7f77fd1a3 16038->16039 16040 7ff7f77fd1f8 45 API calls 16038->16040 16039->15997 16040->16039 16042 7ff7f77fcddc 16041->16042 16043 7ff7f77fcda9 16041->16043 16044 7ff7f77fcdf4 16042->16044 16048 7ff7f77fce75 16042->16048 16045 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 16043->16045 16046 7ff7f77fd0fc 46 API calls 16044->16046 16047 7ff7f77fcdd5 memcpy_s 16045->16047 16046->16047 16047->15997 16048->16047 16049 7ff7f77f3830 45 API calls 16048->16049 16049->16047 16052 7ff7f77ff15c WideCharToMultiByte 16050->16052 16054 7ff7f77ef353 16053->16054 16055 7ff7f77ef341 16053->16055 16058 7ff7f77ef360 16054->16058 16061 7ff7f77ef39d 16054->16061 16056 7ff7f77f6088 _wfindfirst32i64 11 API calls 16055->16056 16057 7ff7f77ef346 16056->16057 16059 7ff7f77f9f10 _invalid_parameter_noinfo 37 API calls 16057->16059 16060 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 16058->16060 16063 7ff7f77ef351 16059->16063 16060->16063 16062 7ff7f77ef446 16061->16062 16064 7ff7f77f6088 _wfindfirst32i64 11 API calls 16061->16064 16062->16063 16065 7ff7f77f6088 _wfindfirst32i64 11 API calls 
16062->16065 16063->15857 16066 7ff7f77ef43b 16064->16066 16067 7ff7f77ef4f0 16065->16067 16069 7ff7f77f9f10 _invalid_parameter_noinfo 37 API calls 16066->16069 16068 7ff7f77f9f10 _invalid_parameter_noinfo 37 API calls 16067->16068 16068->16063 16069->16062 16071 7ff7f77fccd9 16070->16071 16073 7ff7f77f386f 16070->16073 16071->16073 16078 7ff7f78024a4 16071->16078 16074 7ff7f77fcd2c 16073->16074 16075 7ff7f77fcd45 16074->16075 16076 7ff7f77f387f 16074->16076 16075->16076 16113 7ff7f7801810 16075->16113 16076->15857 16090 7ff7f77fa780 GetLastError 16078->16090 16081 7ff7f78024fe 16081->16073 16091 7ff7f77fa7a4 FlsGetValue 16090->16091 16092 7ff7f77fa7c1 FlsSetValue 16090->16092 16093 7ff7f77fa7bb 16091->16093 16109 7ff7f77fa7b1 16091->16109 16094 7ff7f77fa7d3 16092->16094 16092->16109 16093->16092 16096 7ff7f77fdeb8 _wfindfirst32i64 11 API calls 16094->16096 16095 7ff7f77fa82d SetLastError 16097 7ff7f77fa84d 16095->16097 16098 7ff7f77fa83a 16095->16098 16099 7ff7f77fa7e2 16096->16099 16100 7ff7f77f936c __GetCurrentState 38 API calls 16097->16100 16098->16081 16112 7ff7f77ff808 EnterCriticalSection 16098->16112 16101 7ff7f77fa800 FlsSetValue 16099->16101 16102 7ff7f77fa7f0 FlsSetValue 16099->16102 16105 7ff7f77fa852 16100->16105 16103 7ff7f77fa81e 16101->16103 16104 7ff7f77fa80c FlsSetValue 16101->16104 16106 7ff7f77fa7f9 16102->16106 16108 7ff7f77fa524 _wfindfirst32i64 11 API calls 16103->16108 16104->16106 16107 7ff7f77f9f78 __free_lconv_mon 11 API calls 16106->16107 16107->16109 16110 7ff7f77fa826 16108->16110 16109->16095 16111 7ff7f77f9f78 __free_lconv_mon 11 API calls 16110->16111 16111->16095 16114 7ff7f77fa780 __GetCurrentState 45 API calls 16113->16114 16115 7ff7f7801819 16114->16115 16117 7ff7f77f3b86 16116->16117 16118 7ff7f77f3bbe 16117->16118 16119 7ff7f77f3bf1 16117->16119 16120 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 16118->16120 16123 7ff7f77ef140 16119->16123 16122 7ff7f77f3be7 16120->16122 16122->15849 16130 7ff7f77f438c 
EnterCriticalSection 16123->16130 16138 7ff7f77f438c EnterCriticalSection 16131->16138 16140 7ff7f77e1d00 86 API calls 16139->16140 16141 7ff7f77e1c37 16140->16141 16144 7ff7f77f44e0 16141->16144 16145 7ff7f77f450b 16144->16145 16148 7ff7f77f43a4 16145->16148 16161 7ff7f77f6d50 EnterCriticalSection 16148->16161 16163 7ff7f77e2cdc GetModuleFileNameW 16162->16163 16163->15488 16163->15489 16165 7ff7f77e6ee4 WideCharToMultiByte 16164->16165 16166 7ff7f77e6f52 WideCharToMultiByte 16164->16166 16167 7ff7f77e6f25 16165->16167 16168 7ff7f77e6f0e 16165->16168 16169 7ff7f77e2d35 16166->16169 16170 7ff7f77e6f7f 16166->16170 16167->16166 16173 7ff7f77e6f3b 16167->16173 16172 7ff7f77e1cb0 86 API calls 16168->16172 16169->15492 16169->15495 16171 7ff7f77e1cb0 86 API calls 16170->16171 16171->16169 16172->16169 16174 7ff7f77e1cb0 86 API calls 16173->16174 16174->16169 16176 7ff7f77e5b6e 16175->16176 16177 7ff7f77f9283 16175->16177 16176->15513 16177->16176 16178 7ff7f77f930c __std_exception_copy 37 API calls 16177->16178 16179 7ff7f77f92b0 16178->16179 16179->16176 16180 7ff7f77f9f30 _wfindfirst32i64 17 API calls 16179->16180 16181 7ff7f77f92e0 16180->16181 16183 7ff7f77e17d4 16182->16183 16184 7ff7f77e17e4 16182->16184 16185 7ff7f77e2de0 120 API calls 16183->16185 16186 7ff7f77e6360 83 API calls 16184->16186 16212 7ff7f77e1842 16184->16212 16185->16184 16187 7ff7f77e1815 16186->16187 16187->16212 16216 7ff7f77eec94 16187->16216 16189 7ff7f77ea100 _wfindfirst32i64 8 API calls 16191 7ff7f77e19c0 16189->16191 16190 7ff7f77e182b 16192 7ff7f77e182f 16190->16192 16193 7ff7f77e184c 16190->16193 16191->15528 16191->15529 16195 7ff7f77e1c10 86 API calls 16192->16195 16220 7ff7f77ee95c 16193->16220 16195->16212 16197 7ff7f77e1867 16199 7ff7f77e1c10 86 API calls 16197->16199 16198 7ff7f77eec94 73 API calls 16200 7ff7f77e18d1 16198->16200 16199->16212 16201 7ff7f77e18e3 16200->16201 16202 7ff7f77e18fe 16200->16202 16203 7ff7f77e1c10 86 API calls 16201->16203 16204 7ff7f77ee95c 
_fread_nolock 53 API calls 16202->16204 16203->16212 16205 7ff7f77e1913 16204->16205 16205->16197 16206 7ff7f77e1925 16205->16206 16223 7ff7f77ee6d0 16206->16223 16209 7ff7f77e193d 16210 7ff7f77e1c50 86 API calls 16209->16210 16210->16212 16211 7ff7f77e1950 16213 7ff7f77e1993 16211->16213 16215 7ff7f77e1c50 86 API calls 16211->16215 16212->16189 16213->16212 16214 7ff7f77ee60c 74 API calls 16213->16214 16214->16212 16215->16213 16217 7ff7f77eecc4 16216->16217 16229 7ff7f77eea24 16217->16229 16219 7ff7f77eecdd 16219->16190 16241 7ff7f77ee97c 16220->16241 16224 7ff7f77ee6d9 16223->16224 16226 7ff7f77e1939 16223->16226 16225 7ff7f77f6088 _wfindfirst32i64 11 API calls 16224->16225 16227 7ff7f77ee6de 16225->16227 16226->16209 16226->16211 16228 7ff7f77f9f10 _invalid_parameter_noinfo 37 API calls 16227->16228 16228->16226 16230 7ff7f77eea8e 16229->16230 16231 7ff7f77eea4e 16229->16231 16230->16231 16233 7ff7f77eea9a 16230->16233 16232 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 16231->16232 16234 7ff7f77eea75 16232->16234 16240 7ff7f77f438c EnterCriticalSection 16233->16240 16234->16219 16242 7ff7f77e1861 16241->16242 16243 7ff7f77ee9a6 16241->16243 16242->16197 16242->16198 16243->16242 16244 7ff7f77ee9b5 memcpy_s 16243->16244 16245 7ff7f77ee9f2 16243->16245 16248 7ff7f77f6088 _wfindfirst32i64 11 API calls 16244->16248 16254 7ff7f77f438c EnterCriticalSection 16245->16254 16250 7ff7f77ee9ca 16248->16250 16252 7ff7f77f9f10 _invalid_parameter_noinfo 37 API calls 16250->16252 16252->16242 16348 7ff7f77e5880 16255->16348 16257 7ff7f77e1454 16258 7ff7f77e1459 16257->16258 16357 7ff7f77e5ba0 16257->16357 16258->15555 16261 7ff7f77e14a7 16264 7ff7f77e14e0 16261->16264 16266 7ff7f77e2de0 120 API calls 16261->16266 16262 7ff7f77e1487 16263 7ff7f77e1c10 86 API calls 16262->16263 16282 7ff7f77e149d 16263->16282 16265 7ff7f77eec94 73 API calls 16264->16265 16267 7ff7f77e14f2 16265->16267 16268 7ff7f77e14bf 16266->16268 16269 7ff7f77e1516 16267->16269 16270 7ff7f77e14f6 
16267->16270 16268->16264 16271 7ff7f77e14c7 16268->16271 16273 7ff7f77e1534 16269->16273 16274 7ff7f77e151c 16269->16274 16272 7ff7f77e1c10 86 API calls 16270->16272 16275 7ff7f77e1c50 86 API calls 16271->16275 16288 7ff7f77e14d6 __std_exception_copy 16272->16288 16277 7ff7f77e1556 16273->16277 16284 7ff7f77e1575 16273->16284 16382 7ff7f77e1050 16274->16382 16275->16288 16280 7ff7f77e1c10 86 API calls 16277->16280 16278 7ff7f77ee60c 74 API calls 16281 7ff7f77e1624 16278->16281 16279 7ff7f77ee60c 74 API calls 16279->16282 16280->16288 16281->16279 16282->15555 16283 7ff7f77ee95c _fread_nolock 53 API calls 16283->16284 16284->16283 16285 7ff7f77e15d5 16284->16285 16284->16288 16400 7ff7f77ef09c 16284->16400 16287 7ff7f77e1c10 86 API calls 16285->16287 16287->16288 16288->16278 16288->16281 16290 7ff7f77e1dd6 16289->16290 16291 7ff7f77e1b30 49 API calls 16290->16291 16293 7ff7f77e1e0b 16291->16293 16292 7ff7f77e2211 16293->16292 16294 7ff7f77e2c50 49 API calls 16293->16294 16295 7ff7f77e1e7f 16294->16295 16956 7ff7f77e2230 16295->16956 16298 7ff7f77e1ec1 16300 7ff7f77e5880 127 API calls 16298->16300 16299 7ff7f77e1efa 16301 7ff7f77e2230 75 API calls 16299->16301 16302 7ff7f77e1ec9 16300->16302 16303 7ff7f77e1f4c 16301->16303 16304 7ff7f77e1eea 16302->16304 16964 7ff7f77e5760 16302->16964 16305 7ff7f77e1fb6 16303->16305 16306 7ff7f77e1f50 16303->16306 16308 7ff7f77e1c50 86 API calls 16304->16308 16312 7ff7f77e1ef3 16304->16312 16310 7ff7f77e2230 75 API calls 16305->16310 16307 7ff7f77e5880 127 API calls 16306->16307 16311 7ff7f77e1f58 16307->16311 16308->16312 16313 7ff7f77e1fe2 16310->16313 16311->16304 16315 7ff7f77e5760 138 API calls 16311->16315 16317 7ff7f77ea100 _wfindfirst32i64 8 API calls 16312->16317 16314 7ff7f77e2042 16313->16314 16318 7ff7f77e2230 75 API calls 16313->16318 16314->16292 16316 7ff7f77e5880 127 API calls 16314->16316 16320 7ff7f77e1f75 16315->16320 16321 7ff7f77e2052 16316->16321 16322 7ff7f77e1fab 16317->16322 16319 7ff7f77e2012 16318->16319 
16319->16314 16324 7ff7f77e2230 75 API calls 16319->16324 16320->16304 16323 7ff7f77e21f6 16320->16323 16321->16292 16322->15555 16324->16314 16345 7ff7f77e17a1 16344->16345 16346 7ff7f77e1795 16344->16346 16345->15555 16347 7ff7f77e1c50 86 API calls 16346->16347 16347->16345 16349 7ff7f77e5892 16348->16349 16354 7ff7f77e58c8 16348->16354 16404 7ff7f77e16d0 16349->16404 16354->16257 16358 7ff7f77e5bb0 16357->16358 16359 7ff7f77e1b30 49 API calls 16358->16359 16360 7ff7f77e5be1 16359->16360 16361 7ff7f77e5dab 16360->16361 16362 7ff7f77e1b30 49 API calls 16360->16362 16363 7ff7f77ea100 _wfindfirst32i64 8 API calls 16361->16363 16365 7ff7f77e5c08 16362->16365 16364 7ff7f77e147f 16363->16364 16364->16261 16364->16262 16365->16361 16919 7ff7f77f5158 16365->16919 16367 7ff7f77e5d19 16368 7ff7f77e6db0 88 API calls 16367->16368 16369 7ff7f77e5d31 16368->16369 16370 7ff7f77e5dda 16369->16370 16373 7ff7f77e5af0 92 API calls 16369->16373 16378 7ff7f77e5d62 __std_exception_copy 16369->16378 16372 7ff7f77e2de0 120 API calls 16370->16372 16371 7ff7f77e5c3d 16371->16361 16371->16367 16371->16371 16379 7ff7f77f5158 49 API calls 16371->16379 16380 7ff7f77e6db0 88 API calls 16371->16380 16381 7ff7f77e6a60 58 API calls 16371->16381 16372->16361 16373->16378 16374 7ff7f77e5d9f 16375 7ff7f77e5dce 16378->16374 16378->16375 16379->16371 16380->16371 16381->16371 16383 7ff7f77e10a6 16382->16383 16384 7ff7f77e10d3 16383->16384 16385 7ff7f77e10ad 16383->16385 16388 7ff7f77e10ed 16384->16388 16389 7ff7f77e1109 16384->16389 16386 7ff7f77e1c50 86 API calls 16385->16386 16387 7ff7f77e10c0 16386->16387 16387->16288 16390 7ff7f77e1c10 86 API calls 16388->16390 16391 7ff7f77e111b 16389->16391 16398 7ff7f77e1137 memcpy_s 16389->16398 16394 7ff7f77e1104 __std_exception_copy 16390->16394 16392 7ff7f77e1c10 86 API calls 16391->16392 16392->16394 16393 7ff7f77ee95c _fread_nolock 53 API calls 16393->16398 16394->16288 16395 7ff7f77e11fe 16397 7ff7f77ef09c 76 API calls 16397->16398 16398->16393 
16398->16394 16398->16395 16398->16397 16399 7ff7f77ee6d0 37 API calls 16398->16399 16399->16398 16401 7ff7f77ef0cc 16400->16401 16941 7ff7f77eedec 16401->16941 16406 7ff7f77e16f5 16404->16406 16405 7ff7f77e1738 16408 7ff7f77e58e0 16405->16408 16406->16405 16407 7ff7f77e1c50 86 API calls 16406->16407 16407->16405 16409 7ff7f77e58f8 16408->16409 16410 7ff7f77e596b 16409->16410 16411 7ff7f77e5918 16409->16411 16412 7ff7f77e5970 GetTempPathW GetCurrentProcessId 16410->16412 16413 7ff7f77e5af0 92 API calls 16411->16413 16447 7ff7f77e6610 16412->16447 16415 7ff7f77e5924 16413->16415 16471 7ff7f77e55e0 16415->16471 16420 7ff7f77ea100 _wfindfirst32i64 8 API calls 16424 7ff7f77e5a46 16427 7ff7f77e6ec0 88 API calls 16424->16427 16425 7ff7f77e599e __std_exception_copy 16425->16424 16429 7ff7f77e59d1 16425->16429 16451 7ff7f77f74d0 16425->16451 16454 7ff7f77e6a60 16425->16454 16431 7ff7f77e6db0 88 API calls 16429->16431 16446 7ff7f77e5a0a __std_exception_copy 16429->16446 16446->16420 16448 7ff7f77e6635 16447->16448 16505 7ff7f77f3ed4 16448->16505 16677 7ff7f77f70fc 16451->16677 16455 7ff7f77ea130 16454->16455 16472 7ff7f77e55ec 16471->16472 16473 7ff7f77e6db0 88 API calls 16472->16473 16474 7ff7f77e560e 16473->16474 16475 7ff7f77e5616 16474->16475 16476 7ff7f77e5629 ExpandEnvironmentStringsW 16474->16476 16477 7ff7f77e1c50 86 API calls 16475->16477 16478 7ff7f77e564f __std_exception_copy 16476->16478 16484 7ff7f77e5622 16477->16484 16479 7ff7f77e5653 16478->16479 16480 7ff7f77e5666 16478->16480 16482 7ff7f77e1c50 86 API calls 16479->16482 16485 7ff7f77e5674 16480->16485 16486 7ff7f77e5680 16480->16486 16481 7ff7f77ea100 _wfindfirst32i64 8 API calls 16483 7ff7f77e5748 16481->16483 16482->16484 16483->16446 16495 7ff7f77f6818 16483->16495 16484->16481 16812 7ff7f77f60a8 16485->16812 16819 7ff7f77f53b8 16486->16819 16489 7ff7f77e567e 16496 7ff7f77f6825 16495->16496 16497 7ff7f77f6838 16495->16497 16509 7ff7f77f3f2e 16505->16509 16506 7ff7f77f3f53 16507 7ff7f77f9e44 
_invalid_parameter_noinfo 37 API calls 16506->16507 16511 7ff7f77f3f7d 16507->16511 16508 7ff7f77f3f8f 16523 7ff7f77f1a44 16508->16523 16509->16506 16509->16508 16512 7ff7f77ea100 _wfindfirst32i64 8 API calls 16511->16512 16514 7ff7f77e6654 16512->16514 16513 7ff7f77f9f78 __free_lconv_mon 11 API calls 16513->16511 16514->16425 16516 7ff7f77f4096 16518 7ff7f77f4070 16516->16518 16519 7ff7f77f40a0 16516->16519 16517 7ff7f77f403c 16517->16518 16522 7ff7f77f4045 16517->16522 16518->16513 16521 7ff7f77f9f78 __free_lconv_mon 11 API calls 16519->16521 16520 7ff7f77f9f78 __free_lconv_mon 11 API calls 16520->16511 16521->16511 16522->16520 16524 7ff7f77f1a82 16523->16524 16529 7ff7f77f1a72 16523->16529 16525 7ff7f77f1a8b 16524->16525 16531 7ff7f77f1ab9 16524->16531 16528 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 16525->16528 16526 7ff7f77f1ab1 16526->16516 16526->16517 16526->16518 16526->16522 16527 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 16527->16526 16528->16526 16529->16527 16531->16526 16531->16529 16534 7ff7f77f2a18 16531->16534 16567 7ff7f77f202c 16531->16567 16604 7ff7f77f129c 16531->16604 16535 7ff7f77f2acb 16534->16535 16536 7ff7f77f2a5a 16534->16536 16539 7ff7f77f2b24 16535->16539 16540 7ff7f77f2ad0 16535->16540 16537 7ff7f77f2af5 16536->16537 16538 7ff7f77f2a60 16536->16538 16623 7ff7f77f0354 16537->16623 16541 7ff7f77f2a65 16538->16541 16542 7ff7f77f2a94 16538->16542 16546 7ff7f77f2b3b 16539->16546 16548 7ff7f77f2b2e 16539->16548 16553 7ff7f77f2b33 16539->16553 16543 7ff7f77f2b05 16540->16543 16544 7ff7f77f2ad2 16540->16544 16541->16546 16549 7ff7f77f2a6b 16541->16549 16542->16549 16542->16553 16630 7ff7f77eff44 16543->16630 16548->16537 16548->16553 16568 7ff7f77f2050 16567->16568 16569 7ff7f77f203a 16567->16569 16572 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 16568->16572 16573 7ff7f77f2090 16568->16573 16570 7ff7f77f2acb 16569->16570 16571 7ff7f77f2a5a 16569->16571 16569->16573 16576 7ff7f77f2b24 16570->16576 16577 7ff7f77f2ad0 
16570->16577 16574 7ff7f77f2af5 16571->16574 16575 7ff7f77f2a60 16571->16575 16572->16573 16573->16531 16660 7ff7f77ef5c8 16604->16660 16661 7ff7f77ef60f 16660->16661 16662 7ff7f77ef5fd 16660->16662 16665 7ff7f77ef61d 16661->16665 16669 7ff7f77ef659 16661->16669 16663 7ff7f77f6088 _wfindfirst32i64 11 API calls 16662->16663 16664 7ff7f77ef602 16663->16664 16667 7ff7f77f9e44 _invalid_parameter_noinfo 37 API calls 16665->16667 16668 7ff7f77ef9d5 16669->16668 16671 7ff7f77f6088 _wfindfirst32i64 11 API calls 16669->16671 16813 7ff7f77f60c6 16812->16813 16816 7ff7f77f60f9 16812->16816 16814 7ff7f77ff9a4 _wfindfirst32i64 37 API calls 16813->16814 16813->16816 16816->16489 16820 7ff7f77f53d4 16819->16820 16821 7ff7f77f5442 16819->16821 16820->16821 16823 7ff7f77f53d9 16820->16823 16856 7ff7f77ff110 16821->16856 16920 7ff7f77fa780 __GetCurrentState 45 API calls 16919->16920 16921 7ff7f77f516d 16920->16921 16922 7ff7f77fef17 16921->16922 16925 7ff7f77fee36 16921->16925 16928 7ff7f77ea294 16922->16928 16926 7ff7f77ea100 _wfindfirst32i64 8 API calls 16925->16926 16927 7ff7f77fef0f 16926->16927 16927->16371 16931 7ff7f77ea2a8 IsProcessorFeaturePresent 16928->16931 16932 7ff7f77ea2bf 16931->16932 16937 7ff7f77ea344 RtlCaptureContext RtlLookupFunctionEntry 16932->16937 16938 7ff7f77ea2d3 16937->16938 16939 7ff7f77ea374 RtlVirtualUnwind 16937->16939 16940 7ff7f77ea180 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16938->16940 16939->16938 16942 7ff7f77eee0c 16941->16942 16943 7ff7f77eee39 16941->16943 16942->16943 16957 7ff7f77e2264 16956->16957 16958 7ff7f77f3c80 49 API calls 16957->16958 16959 7ff7f77e228a 16958->16959 16960 7ff7f77e229b 16959->16960 16988 7ff7f77f4e70 16959->16988 16962 7ff7f77ea100 _wfindfirst32i64 8 API calls 16960->16962 16963 7ff7f77e1ebd 16962->16963 16963->16298 16963->16299 16965 7ff7f77e576e 16964->16965 16966 7ff7f77e2de0 120 API calls 16965->16966 16967 7ff7f77e5795 16966->16967 16968 7ff7f77e5ba0 138 API 
calls 16967->16968 16969 7ff7f77e57a3 16968->16969 16989 7ff7f77f4e8d 16988->16989 16990 7ff7f77f4e99 16988->16990 17005 7ff7f77f46e8 16989->17005 17030 7ff7f77f4a84 16990->17030 16996 7ff7f77f4ed1 17041 7ff7f77f456c 16996->17041 16998 7ff7f77f4f41 17001 7ff7f77f46e8 69 API calls 16998->17001 16999 7ff7f77f4f2d 17000 7ff7f77f4e92 16999->17000 17002 7ff7f77f9f78 __free_lconv_mon 11 API calls 16999->17002 17000->16960 17003 7ff7f77f4f4d 17001->17003 17002->17000 17003->17000 17004 7ff7f77f9f78 __free_lconv_mon 11 API calls 17003->17004 17004->17000 17006 7ff7f77f4702 17005->17006 17007 7ff7f77f471f 17005->17007 17008 7ff7f77f6068 _fread_nolock 11 API calls 17006->17008 17007->17006 17009 7ff7f77f4732 CreateFileW 17007->17009 17010 7ff7f77f4707 17008->17010 17011 7ff7f77f4766 17009->17011 17012 7ff7f77f479c 17009->17012 17014 7ff7f77f6088 _wfindfirst32i64 11 API calls 17010->17014 17063 7ff7f77f483c GetFileType 17011->17063 17089 7ff7f77f4d60 17012->17089 17017 7ff7f77f470f 17014->17017 17023 7ff7f77f9f10 _invalid_parameter_noinfo 37 API calls 17017->17023 17021 7ff7f77f47a5 17022 7ff7f77f47d0 17024 7ff7f77f471a 17023->17024 17024->17000 17031 7ff7f77f4aa3 17030->17031 17032 7ff7f77f4aa8 17030->17032 17031->16996 17038 7ff7f77fe144 17031->17038 17032->17031 17033 7ff7f77fa780 __GetCurrentState 45 API calls 17032->17033 17034 7ff7f77f4ac3 17033->17034 17151 7ff7f77fcc8c 17034->17151 17159 7ff7f77fdf30 17038->17159 17042 7ff7f77f4596 17041->17042 17043 7ff7f77f45ba 17041->17043 17047 7ff7f77f9f78 __free_lconv_mon 11 API calls 17042->17047 17050 7ff7f77f45a5 17042->17050 17044 7ff7f77f4614 17043->17044 17045 7ff7f77f45bf 17043->17045 17169 7ff7f77fe870 17044->17169 17048 7ff7f77f45d4 17045->17048 17045->17050 17051 7ff7f77f9f78 __free_lconv_mon 11 API calls 17045->17051 17047->17050 17052 7ff7f77fcc2c _fread_nolock 12 API calls 17048->17052 17050->16998 17050->16999 17051->17048 17052->17050 17064 7ff7f77f488a 17063->17064 17065 7ff7f77f4947 17063->17065 17066 
18532->18533 18534 7ff7f7806fa9 18533->18534 18537 7ff7f7806c50 18534->18537 18538 7ff7f7806c91 18537->18538 18539 7ff7f77fe870 _fread_nolock MultiByteToWideChar 18538->18539 18543 7ff7f7806cdb 18539->18543 18540 7ff7f7806f59 18541 7ff7f77ea100 _wfindfirst32i64 8 API calls 18540->18541 18542 7ff7f7801396 18541->18542 18542->18515 18543->18540 18544 7ff7f77fcc2c _fread_nolock 12 API calls 18543->18544 18545 7ff7f7806e11 18543->18545 18546 7ff7f7806d13 18543->18546 18544->18546 18545->18540 18547 7ff7f77f9f78 __free_lconv_mon 11 API calls 18545->18547 18546->18545 18548 7ff7f77fe870 _fread_nolock MultiByteToWideChar 18546->18548 18547->18540 18549 7ff7f7806d86 18548->18549 18549->18545 18568 7ff7f77fe304 18549->18568 18552 7ff7f7806e22 18555 7ff7f77fcc2c _fread_nolock 12 API calls 18552->18555 18556 7ff7f7806ef4 18552->18556 18558 7ff7f7806e40 18552->18558 18553 7ff7f7806dd1 18553->18545 18554 7ff7f77fe304 __crtLCMapStringW 6 API calls 18553->18554 18554->18545 18555->18558 18556->18545 18557 7ff7f77f9f78 __free_lconv_mon 11 API calls 18556->18557 18557->18545 18558->18545 18559 7ff7f77fe304 __crtLCMapStringW 6 API calls 18558->18559 18560 7ff7f7806ec0 18559->18560 18560->18556 18561 7ff7f7806ef6 18560->18561 18562 7ff7f7806ee0 18560->18562 18564 7ff7f77ff138 WideCharToMultiByte 18561->18564 18563 7ff7f77ff138 WideCharToMultiByte 18562->18563 18565 7ff7f7806eee 18563->18565 18564->18565 18565->18556 18566 7ff7f7806f0e 18565->18566 18566->18545 18567 7ff7f77f9f78 __free_lconv_mon 11 API calls 18566->18567 18567->18545 18569 7ff7f77fdf30 __crtLCMapStringW 5 API calls 18568->18569 18570 7ff7f77fe342 18569->18570 18573 7ff7f77fe34a 18570->18573 18574 7ff7f77fe3f0 18570->18574 18572 7ff7f77fe3b3 LCMapStringW 18572->18573 18573->18545 18573->18552 18573->18553 18575 7ff7f77fdf30 __crtLCMapStringW 5 API calls 18574->18575 18576 7ff7f77fe41e __crtLCMapStringW 18575->18576 18576->18572 18579 7ff7f7805760 18578->18579 18580 7ff7f7805749 18578->18580 18579->18580 18583 
7ff7f780576e 18579->18583 18581 7ff7f77f6088 _wfindfirst32i64 11 API calls 18580->18581 18582 7ff7f780574e 18581->18582 18584 7ff7f77f9f10 _invalid_parameter_noinfo 37 API calls 18582->18584 18585 7ff7f77f4a84 45 API calls 18583->18585 18586 7ff7f7805759 18583->18586 18584->18586 18585->18586 18586->18261 18588 7ff7f77f4a84 45 API calls 18587->18588 18589 7ff7f780842d 18588->18589 18592 7ff7f7808084 18589->18592 18595 7ff7f78080d2 18592->18595 18593 7ff7f77ea100 _wfindfirst32i64 8 API calls 18594 7ff7f7806605 18593->18594 18594->18261 18594->18287 18596 7ff7f7808159 18595->18596 18598 7ff7f7808144 GetCPInfo 18595->18598 18601 7ff7f780815d 18595->18601 18597 7ff7f77fe870 _fread_nolock MultiByteToWideChar 18596->18597 18596->18601 18599 7ff7f78081f1 18597->18599 18598->18596 18598->18601 18600 7ff7f77fcc2c _fread_nolock 12 API calls 18599->18600 18599->18601 18602 7ff7f7808228 18599->18602 18600->18602 18601->18593 18602->18601 18603 7ff7f77fe870 _fread_nolock MultiByteToWideChar 18602->18603 18604 7ff7f7808296 18603->18604 18605 7ff7f7808378 18604->18605 18606 7ff7f77fe870 _fread_nolock MultiByteToWideChar 18604->18606 18605->18601 18607 7ff7f77f9f78 __free_lconv_mon 11 API calls 18605->18607 18608 7ff7f78082bc 18606->18608 18607->18601 18608->18605 18609 7ff7f77fcc2c _fread_nolock 12 API calls 18608->18609 18610 7ff7f78082e9 18608->18610 18609->18610 18610->18605 18611 7ff7f77fe870 _fread_nolock MultiByteToWideChar 18610->18611 18612 7ff7f7808360 18611->18612 18613 7ff7f7808380 18612->18613 18614 7ff7f7808366 18612->18614 18621 7ff7f77fe188 18613->18621 18614->18605 18616 7ff7f77f9f78 __free_lconv_mon 11 API calls 18614->18616 18616->18605 18618 7ff7f78083bf 18618->18601 18620 7ff7f77f9f78 __free_lconv_mon 11 API calls 18618->18620 18619 7ff7f77f9f78 __free_lconv_mon 11 API calls 18619->18618 18620->18601 18622 7ff7f77fdf30 __crtLCMapStringW 5 API calls 18621->18622 18623 7ff7f77fe1c6 18622->18623 18624 7ff7f77fe1ce 18623->18624 18625 7ff7f77fe3f0 __crtLCMapStringW 
5 API calls 18623->18625 18624->18618 18624->18619 18626 7ff7f77fe237 CompareStringW 18625->18626 18626->18624 18628 7ff7f7807041 18627->18628 18629 7ff7f780705a HeapSize 18627->18629 18630 7ff7f77f6088 _wfindfirst32i64 11 API calls 18628->18630 18631 7ff7f7807046 18630->18631 18632 7ff7f77f9f10 _invalid_parameter_noinfo 37 API calls 18631->18632 18633 7ff7f7807051 18632->18633 18633->18291 18635 7ff7f77ffa21 18634->18635 18636 7ff7f77ffa2b 18634->18636 18637 7ff7f77fcc2c _fread_nolock 12 API calls 18635->18637 18638 7ff7f77ffa30 18636->18638 18644 7ff7f77ffa37 _wfindfirst32i64 18636->18644 18642 7ff7f77ffa29 18637->18642 18639 7ff7f77f9f78 __free_lconv_mon 11 API calls 18638->18639 18639->18642 18640 7ff7f77ffa3d 18643 7ff7f77f6088 _wfindfirst32i64 11 API calls 18640->18643 18641 7ff7f77ffa6a HeapReAlloc 18641->18642 18641->18644 18642->18296 18643->18642 18644->18640 18644->18641 18645 7ff7f7802730 _wfindfirst32i64 2 API calls 18644->18645 18645->18644 18647 7ff7f7807fed __crtLCMapStringW 18646->18647 18648 7ff7f78064ee 18647->18648 18649 7ff7f77fe188 6 API calls 18647->18649 18648->18344 18648->18345 18649->18648

Control-flow Graph

APIs
• _get_daylight.LIBCMT ref: 00007FF7F7804EE5
  • Part of subcall function 00007FF7F7804838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F780484C
  • Part of subcall function 00007FF7F77F9F78: RtlFreeHeap.NTDLL(?,?,?,00007FF7F7801EC2,?,?,?,00007FF7F7801EFF,?,?,00000000,00007FF7F78023C5,?,?,00000000,00007FF7F78022F7), ref: 00007FF7F77F9F8E
  • Part of subcall function 00007FF7F77F9F78: GetLastError.KERNEL32(?,?,?,00007FF7F7801EC2,?,?,?,00007FF7F7801EFF,?,?,00000000,00007FF7F78023C5,?,?,00000000,00007FF7F78022F7), ref: 00007FF7F77F9F98
  • Part of subcall function 00007FF7F77F9F30: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7F77F9F0F,?,?,?,?,?,00007FF7F77F1A40), ref: 00007FF7F77F9F39
  • Part of subcall function 00007FF7F77F9F30: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7F77F9F0F,?,?,?,?,?,00007FF7F77F1A40), ref: 00007FF7F77F9F5E
• _get_daylight.LIBCMT ref: 00007FF7F7804ED4
  • Part of subcall function 00007FF7F7804898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F78048AC
• _get_daylight.LIBCMT ref: 00007FF7F780514A
• _get_daylight.LIBCMT ref: 00007FF7F780515B
• _get_daylight.LIBCMT ref: 00007FF7F780516C
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7F78053AC), ref: 00007FF7F7805193
Strings
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 4070488512-239921721
• Opcode ID: aa85b069b6fb92bd10a5b6d5be9144cf64bbc0ff06c8fbb0fdd7caf4b6a87e0b
• Instruction ID: 24c79f31e7190146be39083eace930d44068d65718be63181020fe4095b79aaa
• Opcode Fuzzy Hash: aa85b069b6fb92bd10a5b6d5be9144cf64bbc0ff06c8fbb0fdd7caf4b6a87e0b
• Instruction Fuzzy Hash: 22D1C02AA2824286E724BF21D8405B9ABA1FF45795FC04036EE2D476D5DF3CE462C7F0

Control-flow Graph

APIs
• GetTempPathW.KERNEL32(?,00000000,?,00007FF7F77E58AD), ref: 00007FF7F77E597A
• GetCurrentProcessId.KERNEL32(?,00007FF7F77E58AD), ref: 00007FF7F77E5980
  • Part of subcall function 00007FF7F77E5AF0: GetEnvironmentVariableW.KERNEL32(00007FF7F77E2817,?,?,?,?,?,?), ref: 00007FF7F77E5B2A
  • Part of subcall function 00007FF7F77E5AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF7F77E5B47
  • Part of subcall function 00007FF7F77F6818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F77F6831
• SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7F77E5A31
Strings
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
• String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
• API String ID: 1556224225-1116378104
• Opcode ID: 6ac9d4728035ca64dabf235f5e33cc735f54d1bd691e68e61cad0e32aa018a00
• Instruction ID: b3529fc03602dfe69a61db54195ef8565b05f89673e6448339d6bcc73bae175c
• Opcode Fuzzy Hash: 6ac9d4728035ca64dabf235f5e33cc735f54d1bd691e68e61cad0e32aa018a00
• Instruction Fuzzy Hash: 30517A19B2964641EB54BB22AA662FAD6825F4DBC0FC44435EC2E877D6ED3CE00343F1

Control-flow Graph

                                                                                                                                                                                                                              APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1617910340-0
                                                                                                                                                                                                                              • Opcode ID: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
                                                                                                                                                                                                                              • Instruction ID: 360b9dc0af249a692f58dea3af871e1683dbc20958c27c105da80fa30da12113
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37C1D43BB24A4285EB10DF64C4906AC7BA5FB49B98B811235DE3E577D5CF38D066C3A0

                                                                                                                                                                                                                              Control-flow Graph

[Control-flow graph 795, function starting at 7ff7f780511c: graph image not reproduced; legend: Executed / Not Executed]
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF7F780514A
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F7804898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F78048AC
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF7F780515B
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F7804838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F780484C
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF7F780516C
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F7804868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F780487C
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77F9F78: RtlFreeHeap.NTDLL(?,?,?,00007FF7F7801EC2,?,?,?,00007FF7F7801EFF,?,?,00000000,00007FF7F78023C5,?,?,00000000,00007FF7F78022F7), ref: 00007FF7F77F9F8E
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77F9F78: GetLastError.KERNEL32(?,?,?,00007FF7F7801EC2,?,?,?,00007FF7F7801EFF,?,?,00000000,00007FF7F78023C5,?,?,00000000,00007FF7F78022F7), ref: 00007FF7F77F9F98
                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7F78053AC), ref: 00007FF7F7805193
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                              • API String ID: 3458911817-239921721
                                                                                                                                                                                                                              • Opcode ID: 745ef94ea7204a2bfbd30c29007a49fe20bc82f24fe0203fc347e73c8b1ad169
                                                                                                                                                                                                                              • Instruction ID: dc3847b5fe86032bebf5e77fc00341fada38b57d58bfdde58b85deecf3cf25d9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 745ef94ea7204a2bfbd30c29007a49fe20bc82f24fe0203fc347e73c8b1ad169
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F51922AA2864246E710FF21D9815A9AFA0FF49785FC04135EA2D436D5DF3CE412C7F0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                                              • Opcode ID: 0b7e5a9930ef76a70c4e782aa580d8521c3892be20b9910ca6b4e20049941746
                                                                                                                                                                                                                              • Instruction ID: 965ffbbc6717d1901ccbff0b8048cbfbc04e812ac42933dd99c972b1935b5ec0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b7e5a9930ef76a70c4e782aa580d8521c3892be20b9910ca6b4e20049941746
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48F0A436A3968186E760AF60E49876AB391BB48724F804335DA7D026D4DF3CD41A8A60
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1010374628-0
                                                                                                                                                                                                                              • Opcode ID: 75d002fe4591b2763c705d757baf3cc0a4a90fad9c7f87262f1c13388e508fe9
                                                                                                                                                                                                                              • Instruction ID: 05c9814e6321400676aa4f4e78b2638a3102c53e30ed76f1b253ca6ab7598ad4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75d002fe4591b2763c705d757baf3cc0a4a90fad9c7f87262f1c13388e508fe9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2029129A3D68240FB55BB2196502F9AAD0AF09B90FD44635ED7D463D6EE3CE41383F0

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fread_nolock$_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 3405171723-4158440160
                                                                                                                                                                                                                              • Opcode ID: 94a15f6e1c8e80cf97ba34afec9e5059923a8984d21c42c0428325640eec2335
                                                                                                                                                                                                                              • Instruction ID: 37def1dd47ba8866b8dda741ad43c753a6b88793beb8ee2c92cc1c5f19be5bba
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94a15f6e1c8e80cf97ba34afec9e5059923a8984d21c42c0428325640eec2335
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E851BF76A2960286EB14EF24E45117CB7A1FF4CB48B808535D92C833D4DF7CE452C7A2

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                              • API String ID: 0-666925554
                                                                                                                                                                                                                              • Opcode ID: 7430fd770866bd707e7e911feb4858bcee29bd3aec56253b2cfaf05103819273
                                                                                                                                                                                                                              • Instruction ID: f78e3ffeaa0f4f685d17feb76bf626a4541578248e65b379b795177328356da1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7430fd770866bd707e7e911feb4858bcee29bd3aec56253b2cfaf05103819273
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4851CF6AB2864241FB20BB11E4156B9E3A0AF49BD8FC44431DD3D477D1EE3CE15683B2

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                              • API String ID: 4998090-2855260032
                                                                                                                                                                                                                              • Opcode ID: 04a4952acd007a2d57849bf4a7f549880b035f2fca275a5dfd27a02a5c87a0f0
                                                                                                                                                                                                                              • Instruction ID: 18dfbdc9d6a43dc5606ed445be45bc33d5c76baecc0bd61605bd8ac6d0ad4f07
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 04a4952acd007a2d57849bf4a7f549880b035f2fca275a5dfd27a02a5c87a0f0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C341983662C64682E710AF20E4446BAB7A1FF85754FD00231E97E47AD4DF7CD44AC7A1

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                              • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                              • API String ID: 2895956056-3524285272
                                                                                                                                                                                                                              • Opcode ID: d5693698e4819ce5d510509d5cda6c943b390b1bcdb6e918232fd1435297541c
                                                                                                                                                                                                                              • Instruction ID: f9b33e07df2b11b3a9397befe9297e0ae48668b75fd2193be78c7261f258d79d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d5693698e4819ce5d510509d5cda6c943b390b1bcdb6e918232fd1435297541c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1414636A1878281DB20AB60F4452AAF3A4FF98360F800335EABD437D5DF7CD0558BA1

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E2CD0: GetModuleFileNameW.KERNEL32(?,00007FF7F77E27C9,?,?,?,?,?,?), ref: 00007FF7F77E2D01
                                                                                                                                                                                                                              • SetDllDirectoryW.KERNEL32 ref: 00007FF7F77E29D5
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E5AF0: GetEnvironmentVariableW.KERNEL32(00007FF7F77E2817,?,?,?,?,?,?), ref: 00007FF7F77E5B2A
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E5AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF7F77E5B47
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                              • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                              • API String ID: 2344891160-3602715111
                                                                                                                                                                                                                              • Opcode ID: 691d796507584d2f1e102b8f75ed70b5dbd29930f6c88259b672937580b0fa46
                                                                                                                                                                                                                              • Instruction ID: 400d0d0e007628ec4c083d47f74fadbfb1df88745b4a8def181ef6662b9ca3d0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 691d796507584d2f1e102b8f75ed70b5dbd29930f6c88259b672937580b0fa46
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93C1622AA38A8341EB24BB2194512FD9391BF48784FC05031EE6D476D6EF7CE51787B2

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                              • API String ID: 0-1655038675
                                                                                                                                                                                                                              • Opcode ID: 1bcc25b90a5956c1ab1313a0d7052c4644e162db4b1fa8ca6d1417aace8ee4a7
                                                                                                                                                                                                                              • Instruction ID: 24931a3e56d363225abb18d81f8469283aa1ede7c03bdb5d50aeafe616e7fddf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1bcc25b90a5956c1ab1313a0d7052c4644e162db4b1fa8ca6d1417aace8ee4a7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F651062AB1868281EB60BB51E8013B9A290FB88794FC44531DD6D877D5EF3CE456C3B2

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,00000000,?,00007FF7F77FE2CA,?,?,-00000018,00007FF7F77FA383,?,?,?,00007FF7F77FA27A,?,?,?,00007FF7F77F54E2), ref: 00007FF7F77FE0AC
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00000000,?,00007FF7F77FE2CA,?,?,-00000018,00007FF7F77FA383,?,?,?,00007FF7F77FA27A,?,?,?,00007FF7F77F54E2), ref: 00007FF7F77FE0B8
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                              • API String ID: 3013587201-537541572
                                                                                                                                                                                                                              • Opcode ID: 5d4014bca18f9f9ee9ee76f308e7221266f6712ab36b1d3e30b229e2872ef72f
                                                                                                                                                                                                                              • Instruction ID: 077d9740bbfbb80d8bdd5f9452c2a0053940f42657388343e4a0a554d85122de
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d4014bca18f9f9ee9ee76f308e7221266f6712ab36b1d3e30b229e2872ef72f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE412529B3960281FB11EB169900AB5A391BF88BA0F984135CD3D877C4EE7CE44783F0

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 5e2fa04a27a554ad5a06cbbe01d601b05b68f3aeb2922c25288f770f6f319bba
                                                                                                                                                                                                                              • Instruction ID: 0b756d67ee9a6c8ade0c42e1735ad2864fca05846e786e4ec76e7ccb485b4a1c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e2fa04a27a554ad5a06cbbe01d601b05b68f3aeb2922c25288f770f6f319bba
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9C1D52AA2C68681E750BB2596006FDAA95EF89B80FD54131DD7D037E1CE7DE44A83F0

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7F77FC57B), ref: 00007FF7F77FC6AC
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7F77FC57B), ref: 00007FF7F77FC737
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 953036326-0
                                                                                                                                                                                                                              • Opcode ID: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                                                                                                                                                                              • Instruction ID: 64e27e6e99c5e3dceca21f15e0a1e4c0fac83c46920f87722afcab4d79c69641
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A391E33AE2865185F750AB65A5402FDABA0BB48B88F944139DE2E57AC4DF38D443C7F0

APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: _get_daylight$_isindst
• String ID:
• API String ID: 4170891091-0

APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: File$ErrorHandleInformationLastNamedPeekPipeType
• String ID:
• API String ID: 2780335769-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: CloseCreateFileHandle_invalid_parameter_noinfo
• String ID:
• API String ID: 1279662727-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
• String ID:
• API String ID: 3058843127-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3000768030-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF7F77FB750,00000000,?,?,?,00007FF7F77E1023,00007FF7F77FB859), ref: 00007FF7F77FB7B0
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,00007FF7F77FB750,00000000,?,?,?,00007FF7F77E1023,00007FF7F77FB859), ref: 00007FF7F77FB7BA
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77F48F9), ref: 00007FF7F77F4A17
                                                                                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77F48F9), ref: 00007FF7F77F4A2D
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77F6965), ref: 00007FF7F77F6B0B
                                                                                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77F6965), ref: 00007FF7F77F6B21
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(?,?,?,00007FF7F7801EC2,?,?,?,00007FF7F7801EFF,?,?,00000000,00007FF7F78023C5,?,?,00000000,00007FF7F78022F7), ref: 00007FF7F77F9F8E
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF7F7801EC2,?,?,?,00007FF7F7801EFF,?,?,00000000,00007FF7F78023C5,?,?,00000000,00007FF7F78022F7), ref: 00007FF7F77F9F98
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DeleteErrorFileLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2018770650-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DirectoryErrorLastRemove
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CloseHandle.KERNELBASE(?,?,?,00007FF7F77FA005,?,?,00000000,00007FF7F77FA0BA), ref: 00007FF7F77FA1F6
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF7F77FA005,?,?,00000000,00007FF7F77FA0BA), ref: 00007FF7F77FA200
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide_findclose
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: HandleModule$AddressFreeLibraryProc
• String ID:
• API String ID: 3947729631-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DirectoryErrorLastRemove
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 377330604-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,00000000,00007FF7F77FAA16,?,?,?,00007FF7F77F9BD3,?,?,00000000,00007FF7F77F9E6E), ref: 00007FF7F77FDF0D
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,?,00007FF7F77EF1E4,?,?,?,00007FF7F77F06F6,?,?,?,?,?,00007FF7F77F275D), ref: 00007FF7F77FCC6A
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E2F36
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E2F75
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E2F9A
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E2FBF
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E2FE7
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E300F
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E3037
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E305F
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E3087
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc
                                                                                                                                                                                                                              • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                                                              • API String ID: 190572456-3109299426
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(WideCharToMultiByte,00007FF7F77E1CE4,?,?,00000000,00007FF7F77E6904), ref: 00007FF7F77E6697
                                                                                                                                                                                                                              • FormatMessageW.KERNEL32 ref: 00007FF7F77E66C6
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32 ref: 00007FF7F77E671C
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7F77E6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77E1023), ref: 00007FF7F77E1CD7
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy_s
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 15204871-0
                                                                                                                                                                                                                              • Opcode ID: ce95b3d84f14f29cd4e01f3d624d654ffebb0793079cdf733c9da6505e2ad06c
                                                                                                                                                                                                                              • Instruction ID: 55cc57acc86f753234bbd75c9749ad77b9c181c5b3d6e70bb97737a71be78a7a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce95b3d84f14f29cd4e01f3d624d654ffebb0793079cdf733c9da6505e2ad06c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47B18D77A10B898BEB55CF29C84636C7BE0F784B48F548921DB6D837A4CB39D4A2C750
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: $
                                                                                                                                                                                                                              • API String ID: 0-227171996
                                                                                                                                                                                                                              • Opcode ID: 12f3629fc0db3b94ce06ee7fe38b00bcc3d57b8cb20d1c91e47922b02d0d68b8
                                                                                                                                                                                                                              • Instruction ID: 76b5dd02ae5f0cf1cd85c57ecce81aef00085741b1422aea6999bedf3974a569
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12f3629fc0db3b94ce06ee7fe38b00bcc3d57b8cb20d1c91e47922b02d0d68b8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7E1A53AA2864681EB68AE2582501BDB360FF4DB58FA44135CE7E076D4DF29D853C7F0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: e+000$gfff
                                                                                                                                                                                                                              • API String ID: 0-3030954782
                                                                                                                                                                                                                              • Opcode ID: 7f3e0c3824b7b5cf876389fd48d0d53d421d0873473af5a4edca9f3cc5d4c2f0
                                                                                                                                                                                                                              • Instruction ID: 99d1d574952b218d141413bca441c3c978631f105728b9dd99c29ad312d5653a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f3e0c3824b7b5cf876389fd48d0d53d421d0873473af5a4edca9f3cc5d4c2f0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16517C2AB2C6C186E7249E3599117A9F791E748B94F888231CF7847AC5CE3DD40287E0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: gfffffff
                                                                                                                                                                                                                              • API String ID: 0-1523873471
                                                                                                                                                                                                                              • Opcode ID: 7cb6c3f32e91a926ccbf64ab8ba01f2a38c928c6639247976dccb01524fe6e1b
                                                                                                                                                                                                                              • Instruction ID: fa53c9ef40765daacfc74fdc0e6f252299871e5178240c229f6cb1d52cb50771
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7cb6c3f32e91a926ccbf64ab8ba01f2a38c928c6639247976dccb01524fe6e1b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47A15667B2C78646EB21DB29A1207E9FB90AB58B84F448032DE6D477C5DE3DD403C3A1
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: TMP
                                                                                                                                                                                                                              • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                              • Opcode ID: 549cbbde4d05edb679bd0e1e8d8321e2e2e00e2b49b4b0b32e90adc79d383972
                                                                                                                                                                                                                              • Instruction ID: da7de7559b2dab6d4becbdc461d4554e6f188cdbc31fba3875d5ae6510af8a22
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 549cbbde4d05edb679bd0e1e8d8321e2e2e00e2b49b4b0b32e90adc79d383972
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC518D1DA2864241EB64BA265A015FA96E1AF8CB84FC84435DE3D477D5EE3CE41782F0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 54951025-0
                                                                                                                                                                                                                              • Opcode ID: 5644672d7aec8b178d5bd48a95ace976e45fdc56d1edf0a539dccc581205543b
                                                                                                                                                                                                                              • Instruction ID: e4075e72f9b6a166afd10a3d213940558abb735211fa7cca4d5924ee3d8a1d73
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5644672d7aec8b178d5bd48a95ace976e45fdc56d1edf0a539dccc581205543b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1CB09228E27B02C2EB083B216C82A146AA5BF48B12FD90038C01D40360DF2C20BB9771
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 2033a98ce9b9ae1b6fcbd26cbe8033cb2e42881aa268c02d842b0e820a1bc4f5
                                                                                                                                                                                                                              • Instruction ID: 0a8f5e5fc0f45eab0bbb23acd4b8593b7839c12825f66630c1c48148c5ab8fef
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2033a98ce9b9ae1b6fcbd26cbe8033cb2e42881aa268c02d842b0e820a1bc4f5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E8613C2AE3828246F724A5299094B7DEDC1BF40731FD40239DA3E476D5DE6CE82287F0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 9a7d583fdacf7a8c68166448a21aae8e03012e85621840fd7aae1b2904462282
                                                                                                                                                                                                                              • Instruction ID: c5fa72880c6f1777d27e151be41e2e40beb5f980245af791ce24c40e6085f738
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a7d583fdacf7a8c68166448a21aae8e03012e85621840fd7aae1b2904462282
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0551973AA38A5185E7649B29C14027CB7A0EB4DB58F644131CE6D57BD4DB3AF843C7E0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: e009b45869f76b4bc0fd62373217406c0429eee7efa8b33e1f678da67ddd1256
                                                                                                                                                                                                                              • Instruction ID: a8924c403aadebed64709181bd01da3c28ffd46564ea1f25a43060fbae75f8d7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e009b45869f76b4bc0fd62373217406c0429eee7efa8b33e1f678da67ddd1256
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D51857AA2865185EB249B29C1402BD73A0EB58B68F644131CE7D177D5DB3AF843C7F0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 4e0632a4a7e014686f42235b66fbebb9a54d6c0d44d943c89546efb0de6bc1d6
                                                                                                                                                                                                                              • Instruction ID: 7abce21f6a4fb4971aad2c857711e1f7c274d738f6f78a05e4e2c6e3632bbd96
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e0632a4a7e014686f42235b66fbebb9a54d6c0d44d943c89546efb0de6bc1d6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD51D93AA2865582E7249B28C2402BC73A0EB4DB58F644135CE7C177D5CB3AF853C7E0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 1122cbedd3da6cae4974dcedcaf2c480ad91f4dcca857e3bd784bf5366bd6c74
                                                                                                                                                                                                                              • Instruction ID: 7a8e14f97e95ecb1c208f011e252ba6befd019859dff39e5e309fc9728c8252a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1122cbedd3da6cae4974dcedcaf2c480ad91f4dcca857e3bd784bf5366bd6c74
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F451A33BA2869185E7A49B29C050378B7A0EB4DB58FA44131CE5C17BD5CB3AE853C7E1
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: bbc3e59ea296ef31dc5cb467e3ef236485a99d13d7a42ba6bd49c72ea64a61b5
                                                                                                                                                                                                                              • Instruction ID: e5904b270b06bbdebefb1502948ed2eb4371707e931d0910e83e6ff1fbf11dad
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bbc3e59ea296ef31dc5cb467e3ef236485a99d13d7a42ba6bd49c72ea64a61b5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE51923AB2965586E7249B28C1406B9A7A1EB8CB58F644131CE6D177D4CF3AF843C7F0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: e8fed526c0ef6e22bd960d06d2221fad266d41c34a47db8c9ca14c01ed2528e2
                                                                                                                                                                                                                              • Instruction ID: 3ad946412a6282b9d80f74687eaee2d8940530cddc092dc7d0c7a32b74314922
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8fed526c0ef6e22bd960d06d2221fad266d41c34a47db8c9ca14c01ed2528e2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A751C73AA29A5186E7649B28C6402BC67A1EB4CB58F644131CE6C177D4DF3AF843C7F0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoad
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                              • API String ID: 2238633743-1453502826
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32 ref: 00007FF7F77E6C2C
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7F77E6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77E1023), ref: 00007FF7F77E1CD7
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
                                                                                                                                                                                                                              • API String ID: 203985260-1562484376
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: f$f$p$p$f
                                                                                                                                                                                                                              • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 0-3659356012
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                                              • API String ID: 849930591-393685449
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7F77E1023), ref: 00007FF7F77E685F
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7F77E1023), ref: 00007FF7F77E68AF
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                              • API String ID: 626452242-27947307
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00007FF7F77E2D35,?,?,?,?,?,?), ref: 00007FF7F77E6F01
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7F77E6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77E1023), ref: 00007FF7F77E1CD7
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00007FF7F77E2D35,?,?,?,?,?,?), ref: 00007FF7F77E6F75
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                              • API String ID: 1717984340-27947307
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: f$p$p
                                                                                                                                                                                                                              • API String ID: 3215553584-1995029353
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                              • API String ID: 626452242-876015163
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E6DB0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7F77E6DEA
                                                                                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7F77E592F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7F77E563F
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7F77E5616
                                                                                                                                                                                                                              • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7F77E5653
                                                                                                                                                                                                                              • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7F77E569A
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                                                                                                                              • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                              • API String ID: 2001182103-3498232454
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF7F77EC4FA,?,?,?,00007FF7F77EC1EC,?,?,00000001,00007FF7F77EBE09), ref: 00007FF7F77EC2CD
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF7F77EC4FA,?,?,?,00007FF7F77EC1EC,?,?,00000001,00007FF7F77EBE09), ref: 00007FF7F77EC2DB
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF7F77EC4FA,?,?,?,00007FF7F77EC1EC,?,?,00000001,00007FF7F77EBE09), ref: 00007FF7F77EC305
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF7F77EC4FA,?,?,?,00007FF7F77EC1EC,?,?,00000001,00007FF7F77EBE09), ref: 00007FF7F77EC34B
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF7F77EC4FA,?,?,?,00007FF7F77EC1EC,?,?,00000001,00007FF7F77EBE09), ref: 00007FF7F77EC357
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7F77E6DEA
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7F77E6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77E1023), ref: 00007FF7F77E1CD7
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7F77E6E70
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                              • API String ID: 1717984340-876015163
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA78F
                                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA7A4
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA7C5
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA7F2
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA803
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA814
                                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA82F
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF7F77F6091,?,?,?,?,00007FF7F77FDF1F,?,?,00000000,00007FF7F77FAA16,?,?,?), ref: 00007FF7F77FA907
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F77F6091,?,?,?,?,00007FF7F77FDF1F,?,?,00000000,00007FF7F77FAA16,?,?,?), ref: 00007FF7F77FA93D
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F77F6091,?,?,?,?,00007FF7F77FDF1F,?,?,00000000,00007FF7F77FAA16,?,?,?), ref: 00007FF7F77FA96A
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F77F6091,?,?,?,?,00007FF7F77FDF1F,?,?,00000000,00007FF7F77FAA16,?,?,?), ref: 00007FF7F77FA97B
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F77F6091,?,?,?,?,00007FF7F77FDF1F,?,?,00000000,00007FF7F77FAA16,?,?,?), ref: 00007FF7F77FA98C
                                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF7F77F6091,?,?,?,?,00007FF7F77FDF1F,?,?,00000000,00007FF7F77FAA16,?,?,?), ref: 00007FF7F77FA9A7
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                              • String ID: csm$f
                                                                                                                                                                                                                              • API String ID: 2395640692-629598281
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF7F77F9BD3,?,?,00000000,00007FF7F77F9E6E,?,?,?,?,?,00007FF7F77F1A40), ref: 00007FF7F77FA9DF
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F77F9BD3,?,?,00000000,00007FF7F77F9E6E,?,?,?,?,?,00007FF7F77F1A40), ref: 00007FF7F77FA9FE
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F77F9BD3,?,?,00000000,00007FF7F77F9E6E,?,?,?,?,?,00007FF7F77F1A40), ref: 00007FF7F77FAA26
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F77F9BD3,?,?,00000000,00007FF7F77F9E6E,?,?,?,?,?,00007FF7F77F1A40), ref: 00007FF7F77FAA37
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F77F9BD3,?,?,00000000,00007FF7F77F9E6E,?,?,?,?,?,00007FF7F77F1A40), ref: 00007FF7F77FAA48
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F), ref: 00007FF7F77FA865
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F), ref: 00007FF7F77FA884
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F), ref: 00007FF7F77FA8AC
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F), ref: 00007FF7F77FA8BD
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F), ref: 00007FF7F77FA8CE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                                              • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                              • Opcode ID: a3990994d2fbb822c09bdc2a35b5fa2b647080e9aebb1a5b00e12dffe7bfe986
                                                                                                                                                                                                                              • Instruction ID: 037bac6c8b23283bb62497363e19590273afb48666965a025737441e0a21213f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3990994d2fbb822c09bdc2a35b5fa2b647080e9aebb1a5b00e12dffe7bfe986
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D51C43A92C24286EB64AF159844378B7A0FB49B94F944135DEAC47BC5CF3CE452C7B2
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF7F77E27C9,?,?,?,?,?,?), ref: 00007FF7F77E2D01
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7F77E6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77E1023), ref: 00007FF7F77E1CD7
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                              • API String ID: 2776309574-1977442011
                                                                                                                                                                                                                              • Opcode ID: 7987a5ce4ff3c8cba7d8c38c60f2d05ca27952d1a3ea66f3204455115dc1ef10
                                                                                                                                                                                                                              • Instruction ID: a1758e6168035576a9fcb9e04f4bcd2db8c4c2af3de2f35a0d6cbf16b2adcd1d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7987a5ce4ff3c8cba7d8c38c60f2d05ca27952d1a3ea66f3204455115dc1ef10
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8001D826B3C64281FB20F720E4053B99291AF0C3C1FC10031DD1D862D6DE3CE15687B1
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2718003287-0
                                                                                                                                                                                                                              • Opcode ID: 47f9f7c1e3185106a498671fedee26090088e719dd8e44b73d57f810765c87d4
                                                                                                                                                                                                                              • Instruction ID: fb9ea7e93c3888df7e434f80d31a41d62e45700766629b06096f9d5d689ad953
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47f9f7c1e3185106a498671fedee26090088e719dd8e44b73d57f810765c87d4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9AD1F176B28A8089E710DF75D5402ECB7A1FB48798B904236CE6D97BD9DE38D017C7A0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                              • Opcode ID: 610c018c2ed3d43a6dc6b39dfd7623f8c002a97b49fdc2d3a9d4eaa2ab755e24
                                                                                                                                                                                                                              • Instruction ID: 23b508b05e0fa100e0b04906070e92fc24f101b13797274caa614cd0c1fb1c94
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 610c018c2ed3d43a6dc6b39dfd7623f8c002a97b49fdc2d3a9d4eaa2ab755e24
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5412B26A2828245FB20AB259501379DAD0EF81BA5F944235EE7C07AD9DF3CD453C790
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F77F8002
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77F9F78: RtlFreeHeap.NTDLL(?,?,?,00007FF7F7801EC2,?,?,?,00007FF7F7801EFF,?,?,00000000,00007FF7F78023C5,?,?,00000000,00007FF7F78022F7), ref: 00007FF7F77F9F8E
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77F9F78: GetLastError.KERNEL32(?,?,?,00007FF7F7801EC2,?,?,?,00007FF7F7801EFF,?,?,00000000,00007FF7F78023C5,?,?,00000000,00007FF7F78022F7), ref: 00007FF7F77F9F98
                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7F77EA485), ref: 00007FF7F77F8020
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                              • API String ID: 3580290477-716746308
                                                                                                                                                                                                                              • Opcode ID: 87397ab4d942c93eb7ecf5272dbc7224ab3e9c0a5ace0b49458789d652eb9e0d
                                                                                                                                                                                                                              • Instruction ID: 5edb39f6ab2e661191e262ec7d28f4f855183e4caaf57de37aa356f6d70fd918
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 87397ab4d942c93eb7ecf5272dbc7224ab3e9c0a5ace0b49458789d652eb9e0d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14414D3AA28A0286E714BF25DA410F9A6A4EF487D4BD44035ED6E43BD5DF38D492C7E0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                                                                                              • Opcode ID: 3868b3aae24abb70b6c7ced641cfa87b6d54125405e373b4c87f7bfc476be08b
                                                                                                                                                                                                                              • Instruction ID: 0f6a888e19169ef99a4db51a47c61dc79c3dcb4439419da8fb8da73b55833f19
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3868b3aae24abb70b6c7ced641cfa87b6d54125405e373b4c87f7bfc476be08b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E41B426B28A4185DB209F65E8443A9B7A0FB987D4F854031EE6D87798DF3CD442C7A1
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                                                                                                              • Opcode ID: f9a3a88e5e7675db83ee30e7457ef94258ee056855d46160e54cb350838ff185
                                                                                                                                                                                                                              • Instruction ID: 1cba644588a35bd6b40e7550936bef9f673076189d9818299eefe07068af63c4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9a3a88e5e7675db83ee30e7457ef94258ee056855d46160e54cb350838ff185
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9221D766B2824581EB24AB15D0442ADB3B1FBC8B48FC54035DA7D432C4CFBCE5468BF1
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                              • Opcode ID: ee4cd62d6736e0f26efa3482034fbaa09f2706f16dc7c85cfdea4997af4e44da
                                                                                                                                                                                                                              • Instruction ID: 9087e78b9c3938d99a95b329ed6c801f57fef78cf18b2c306b4c4ec013e1f1d8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee4cd62d6736e0f26efa3482034fbaa09f2706f16dc7c85cfdea4997af4e44da
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8114C36628B4182EB209F15F440269BBE4FB88F84F584631EE9D077A8DF7CD5628B50
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.2045366114.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045337094.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045398945.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045430826.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.2045487046.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                                              • API String ID: 2595371189-336475711
                                                                                                                                                                                                                              • Opcode ID: 231bdef7d4e4c9a314d514652501e8a1bb3d1d6653b2e53c967e9d93a887682d
                                                                                                                                                                                                                              • Instruction ID: 3347086cbb5ed65c5a8ca9a89bed95d480887660882141912767fc5000a17630
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 231bdef7d4e4c9a314d514652501e8a1bb3d1d6653b2e53c967e9d93a887682d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F018469A3864285F720BF6095516BEA3A0EF48704FC41036D97D826C5DE3CD5468AF5

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:5.7%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:3.1%
                                                                                                                                                                                                                              Total number of Nodes:781
                                                                                                                                                                                                                              Total number of Limit Nodes:23
15727->15729 15728->15710 15729->15728 15734 7ff7f77ee72b _fread_nolock 15730->15734 15736 7ff7f77ee745 15730->15736 15731 7ff7f77ee735 15732 7ff7f77f6088 _get_daylight 11 API calls 15731->15732 15733 7ff7f77ee73a 15732->15733 15735 7ff7f77f9f10 _invalid_parameter_noinfo 3 API calls 15733->15735 15734->15731 15734->15736 15742 7ff7f77ee79a _fread_nolock 15734->15742 15735->15736 15736->15728 15738 7ff7f77ee91d _fread_nolock 15739 7ff7f77f6088 _get_daylight 11 API calls 15738->15739 15739->15733 15741 7ff7f77f6088 _get_daylight 11 API calls 15741->15742 15742->15736 15742->15738 15742->15741 15743 7ff7f77f9f10 _invalid_parameter_noinfo 3 API calls 15742->15743 15744 7ff7f77fb08c 15742->15744 15800 7ff7f77fb4dc 15742->15800 15743->15742 15745 7ff7f77fb0b4 15744->15745 15746 7ff7f77fb0cd 15744->15746 15748 7ff7f77f6068 _fread_nolock 11 API calls 15745->15748 15747 7ff7f77fb4a7 15746->15747 15751 7ff7f77fb118 15746->15751 15749 7ff7f77f6068 _fread_nolock 11 API calls 15747->15749 15750 7ff7f77fb0b9 15748->15750 15752 7ff7f77fb4ac 15749->15752 15753 7ff7f77f6088 _get_daylight 11 API calls 15750->15753 15754 7ff7f77fb121 15751->15754 15758 7ff7f77fb0c2 15751->15758 15762 7ff7f77fb152 15751->15762 15755 7ff7f77f6088 _get_daylight 11 API calls 15752->15755 15753->15758 15756 7ff7f77f6068 _fread_nolock 11 API calls 15754->15756 15757 7ff7f77fb12d 15755->15757 15759 7ff7f77fb126 15756->15759 15761 7ff7f77f9f10 _invalid_parameter_noinfo 3 API calls 15757->15761 15758->15742 15760 7ff7f77f6088 _get_daylight 11 API calls 15759->15760 15760->15757 15761->15758 15763 7ff7f77fb179 15762->15763 15764 7ff7f77fb186 15762->15764 15765 7ff7f77fb1b3 15762->15765 15763->15764 15771 7ff7f77fb1a2 15763->15771 15766 7ff7f77f6068 _fread_nolock 11 API calls 15764->15766 15808 7ff7f77fcc2c 15765->15808 15768 7ff7f77fb18b 15766->15768 15770 7ff7f77f6088 _get_daylight 11 API calls 15768->15770 15773 7ff7f77fb192 15770->15773 15776 7ff7f77fb34e 15771->15776 15779 7ff7f77fb2e1 GetConsoleMode 
15771->15779 15772 7ff7f77f9f78 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15774 7ff7f77fb1ce 15772->15774 15775 7ff7f77f9f10 _invalid_parameter_noinfo 3 API calls 15773->15775 15777 7ff7f77f9f78 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15774->15777 15799 7ff7f77fb19d 15775->15799 15778 7ff7f77fb353 ReadFile 15776->15778 15780 7ff7f77fb1d5 15777->15780 15781 7ff7f77fb46d GetLastError 15778->15781 15782 7ff7f77fb379 15778->15782 15779->15776 15783 7ff7f77fb2f5 15779->15783 15784 7ff7f77fb1dd 15780->15784 15785 7ff7f77fb1f8 15780->15785 15789 7ff7f77fb329 15781->15789 15790 7ff7f77fb478 15781->15790 15782->15781 15782->15799 15783->15778 15788 7ff7f77fb2ff ReadConsoleW 15783->15788 15786 7ff7f77f6088 _get_daylight 11 API calls 15784->15786 15815 7ff7f77fb8b4 15785->15815 15791 7ff7f77fb1e2 15786->15791 15792 7ff7f77fb323 GetLastError 15788->15792 15788->15799 15796 7ff7f77f5ffc _fread_nolock 11 API calls 15789->15796 15789->15799 15793 7ff7f77f6088 _get_daylight 11 API calls 15790->15793 15795 7ff7f77f6068 _fread_nolock 11 API calls 15791->15795 15792->15789 15797 7ff7f77fb47d 15793->15797 15794 7ff7f77f9f78 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15794->15758 15795->15799 15796->15799 15798 7ff7f77f6068 _fread_nolock 11 API calls 15797->15798 15798->15799 15799->15794 15801 7ff7f77fb4f9 15800->15801 15805 7ff7f77fb524 15800->15805 15802 7ff7f77f6088 _get_daylight 11 API calls 15801->15802 15803 7ff7f77fb4fe 15802->15803 15804 7ff7f77f9f10 _invalid_parameter_noinfo 3 API calls 15803->15804 15807 7ff7f77fb509 15804->15807 15805->15807 15837 7ff7f77faf6c 15805->15837 15807->15742 15809 7ff7f77fcc3b 15808->15809 15810 7ff7f77fcc77 15808->15810 15809->15810 15812 7ff7f77fcc5e HeapAlloc 15809->15812 15814 7ff7f7802730 _get_daylight 2 API calls 15809->15814 15811 7ff7f77f6088 _get_daylight 11 API calls 15810->15811 15813 7ff7f77fb1c4 15811->15813 15812->15809 15812->15813 15813->15772 15814->15809 15816 
7ff7f77fb8e4 15815->15816 15819 7ff7f77fb764 15816->15819 15818 7ff7f77fb8fd 15818->15771 15825 7ff7f77f705c 15819->15825 15822 7ff7f77fb7a2 SetFilePointerEx 15823 7ff7f77fb7ba GetLastError 15822->15823 15824 7ff7f77fb791 _fread_nolock 15822->15824 15823->15824 15824->15818 15826 7ff7f77f7065 15825->15826 15827 7ff7f77f707a 15825->15827 15828 7ff7f77f6068 _fread_nolock 11 API calls 15826->15828 15830 7ff7f77f6068 _fread_nolock 11 API calls 15827->15830 15835 7ff7f77f7072 15827->15835 15829 7ff7f77f706a 15828->15829 15832 7ff7f77f6088 _get_daylight 11 API calls 15829->15832 15831 7ff7f77f70b5 15830->15831 15833 7ff7f77f6088 _get_daylight 11 API calls 15831->15833 15832->15835 15834 7ff7f77f70bd 15833->15834 15836 7ff7f77f9f10 _invalid_parameter_noinfo IsProcessorFeaturePresent GetCurrentProcess TerminateProcess 15834->15836 15835->15822 15835->15824 15836->15835 15838 7ff7f77faf96 15837->15838 15843 7ff7f77fafc6 15837->15843 15839 7ff7f77f6068 _fread_nolock 11 API calls 15838->15839 15840 7ff7f77faf9b 15839->15840 15841 7ff7f77f6088 _get_daylight 11 API calls 15840->15841 15863 7ff7f77fafa3 15841->15863 15842 7ff7f77fafdf 15845 7ff7f77f6068 _fread_nolock 11 API calls 15842->15845 15843->15842 15844 7ff7f77fb01d 15843->15844 15846 7ff7f77fb026 15844->15846 15847 7ff7f77fb03b 15844->15847 15848 7ff7f77fafe4 15845->15848 15849 7ff7f77f6068 _fread_nolock 11 API calls 15846->15849 15854 7ff7f77fb06d 15847->15854 15855 7ff7f77fb058 15847->15855 15850 7ff7f77f6088 _get_daylight 11 API calls 15848->15850 15851 7ff7f77fb02b 15849->15851 15852 7ff7f77fafec 15850->15852 15853 7ff7f77f6088 _get_daylight 11 API calls 15851->15853 15856 7ff7f77f9f10 _invalid_parameter_noinfo 3 API calls 15852->15856 15853->15852 15857 7ff7f77fb08c _fread_nolock 22 API calls 15854->15857 15858 7ff7f77f6088 _get_daylight 11 API calls 15855->15858 15856->15863 15859 7ff7f77fb068 15857->15859 15860 7ff7f77fb05d 15858->15860 15864 7ff7f77f6e38 LeaveCriticalSection 15859->15864 15861 7ff7f77f6068 
_fread_nolock 11 API calls 15860->15861 15861->15859 15863->15807 15871 7ff7f77e3ad0 15865->15871 15866 7ff7f77ea100 _wfindfirst32i64 3 API calls 15869 7ff7f77e22de 15866->15869 15867 7ff7f77e3b82 15870 7ff7f77e6310 3 API calls 15867->15870 15869->15568 15878 7ff7f77e3e40 15869->15878 15873 7ff7f77e3bc6 15870->15873 15871->15867 15874 7ff7f77e3b0b 15871->15874 15908 7ff7f77e2d70 15871->15908 15873->15874 15875 7ff7f77e3bed 15873->15875 15874->15866 15918 7ff7f77e2f20 GetProcAddress 15875->15918 15879 7ff7f77e3e55 15878->15879 15880 7ff7f77e6db0 2 API calls 15879->15880 15881 7ff7f77e3eb4 15880->15881 15882 7ff7f77e3eb9 15881->15882 15883 7ff7f77e6db0 2 API calls 15881->15883 15882->15570 15884 7ff7f77e3f05 15883->15884 15885 7ff7f77e6db0 2 API calls 15884->15885 15888 7ff7f77e3f0a 15884->15888 15886 7ff7f77e3fcc 15885->15886 15886->15888 16023 7ff7f77e6fb0 15886->16023 15888->15570 15892 7ff7f77e3857 15889->15892 15890 7ff7f77e3880 15890->15575 15891 7ff7f77e12b0 42 API calls 15891->15892 15892->15890 15892->15891 15894 7ff7f77e12c6 15893->15894 15895 7ff7f77e12d6 15893->15895 15896 7ff7f77e2de0 42 API calls 15894->15896 15897 7ff7f77eec94 3 API calls 15895->15897 15899 7ff7f77e12de 15895->15899 15896->15895 15900 7ff7f77e130a 15897->15900 15898 7ff7f77e130e 15898->15575 15899->15575 15900->15898 15901 7ff7f77e137e 15900->15901 15903 7ff7f77e1395 15900->15903 15907 7ff7f77e1344 15900->15907 16028 7ff7f77e1050 15901->16028 15904 7ff7f77ee95c _fread_nolock 23 API calls 15903->15904 15903->15907 15904->15903 15905 7ff7f77e1421 15905->15575 15906 7ff7f77ee60c 18 API calls 15906->15905 15907->15905 15907->15906 15909 7ff7f77e2d7a 15908->15909 15910 7ff7f77e6db0 2 API calls 15909->15910 15911 7ff7f77e2da2 15910->15911 15912 7ff7f77ea100 _wfindfirst32i64 3 API calls 15911->15912 15913 7ff7f77e2dca 15912->15913 15913->15867 15914 7ff7f77e6310 15913->15914 15915 7ff7f77e6db0 2 API calls 15914->15915 15916 7ff7f77e6327 LoadLibraryExW 15915->15916 15917 7ff7f77e6344 
15916->15917 15917->15867 15919 7ff7f77e2f6b GetProcAddress 15918->15919 15922 7ff7f77e2f48 15918->15922 15920 7ff7f77e2f90 GetProcAddress 15919->15920 15919->15922 15921 7ff7f77e2fb5 GetProcAddress 15920->15921 15920->15922 15921->15922 15923 7ff7f77e2fdd GetProcAddress 15921->15923 15922->15874 15923->15922 15924 7ff7f77e3005 GetProcAddress 15923->15924 15924->15922 15925 7ff7f77e302d GetProcAddress 15924->15925 15926 7ff7f77e3055 GetProcAddress 15925->15926 15927 7ff7f77e3049 15925->15927 15928 7ff7f77e3071 15926->15928 15929 7ff7f77e307d GetProcAddress 15926->15929 15927->15926 15928->15929 15930 7ff7f77e3099 15929->15930 15931 7ff7f77e30d5 GetProcAddress 15930->15931 15932 7ff7f77e30ad GetProcAddress 15930->15932 15934 7ff7f77e30f1 15931->15934 15935 7ff7f77e30fd GetProcAddress 15931->15935 15932->15931 15933 7ff7f77e30c9 15932->15933 15933->15931 15934->15935 15936 7ff7f77e3125 GetProcAddress 15935->15936 15937 7ff7f77e3119 15935->15937 15938 7ff7f77e3141 15936->15938 15939 7ff7f77e314d GetProcAddress 15936->15939 15937->15936 15938->15939 15940 7ff7f77e3175 GetProcAddress 15939->15940 15941 7ff7f77e3169 15939->15941 15942 7ff7f77e3191 15940->15942 15943 7ff7f77e319d GetProcAddress 15940->15943 15941->15940 15942->15943 15944 7ff7f77e31c5 GetProcAddress 15943->15944 15945 7ff7f77e31b9 15943->15945 15946 7ff7f77e31e1 15944->15946 15947 7ff7f77e31ed GetProcAddress 15944->15947 15945->15944 15946->15947 15948 7ff7f77e3215 GetProcAddress 15947->15948 15949 7ff7f77e3209 15947->15949 15950 7ff7f77e3231 15948->15950 15951 7ff7f77e323d GetProcAddress 15948->15951 15949->15948 15950->15951 15952 7ff7f77e3265 GetProcAddress 15951->15952 15953 7ff7f77e3259 15951->15953 15954 7ff7f77e3281 15952->15954 15955 7ff7f77e328d GetProcAddress 15952->15955 15953->15952 15954->15955 15956 7ff7f77e32b5 GetProcAddress 15955->15956 15957 7ff7f77e32a9 15955->15957 15958 7ff7f77e32d1 15956->15958 15959 7ff7f77e32dd GetProcAddress 15956->15959 15957->15956 15958->15959 15960 
7ff7f77e3305 GetProcAddress 15959->15960 15961 7ff7f77e32f9 15959->15961 15962 7ff7f77e3321 15960->15962 15963 7ff7f77e332d GetProcAddress 15960->15963 15961->15960 15962->15963 15964 7ff7f77e3355 GetProcAddress 15963->15964 15965 7ff7f77e3349 15963->15965 15966 7ff7f77e3371 15964->15966 15967 7ff7f77e337d GetProcAddress 15964->15967 15965->15964 15966->15967 15968 7ff7f77e33a5 GetProcAddress 15967->15968 15969 7ff7f77e3399 15967->15969 15970 7ff7f77e33c1 15968->15970 15971 7ff7f77e33cd GetProcAddress 15968->15971 15969->15968 15970->15971 15972 7ff7f77e33f5 GetProcAddress 15971->15972 15973 7ff7f77e33e9 15971->15973 15974 7ff7f77e3411 15972->15974 15975 7ff7f77e341d GetProcAddress 15972->15975 15973->15972 15974->15975 15976 7ff7f77e3445 GetProcAddress 15975->15976 15977 7ff7f77e3439 15975->15977 15978 7ff7f77e3461 15976->15978 15979 7ff7f77e346d GetProcAddress 15976->15979 15977->15976 15978->15979 15980 7ff7f77e3495 GetProcAddress 15979->15980 15981 7ff7f77e3489 15979->15981 15982 7ff7f77e34b1 15980->15982 15983 7ff7f77e34bd GetProcAddress 15980->15983 15981->15980 15982->15983 15984 7ff7f77e34e5 GetProcAddress 15983->15984 15985 7ff7f77e34d9 15983->15985 15986 7ff7f77e3501 15984->15986 15987 7ff7f77e350d GetProcAddress 15984->15987 15985->15984 15986->15987 15988 7ff7f77e3535 GetProcAddress 15987->15988 15989 7ff7f77e3529 15987->15989 15990 7ff7f77e3551 15988->15990 15991 7ff7f77e355d GetProcAddress 15988->15991 15989->15988 15990->15991 15992 7ff7f77e3585 GetProcAddress 15991->15992 15993 7ff7f77e3579 15991->15993 15994 7ff7f77e35a1 15992->15994 15995 7ff7f77e35ad GetProcAddress 15992->15995 15993->15992 15994->15995 15996 7ff7f77e35d5 GetProcAddress 15995->15996 15997 7ff7f77e35c9 15995->15997 15998 7ff7f77e35f1 15996->15998 15999 7ff7f77e35fd GetProcAddress 15996->15999 15997->15996 15998->15999 16000 7ff7f77e3625 GetProcAddress 15999->16000 16001 7ff7f77e3619 15999->16001 16002 7ff7f77e3641 16000->16002 16003 7ff7f77e364d GetProcAddress 16000->16003 
16001->16000 16002->16003 16004 7ff7f77e3675 GetProcAddress 16003->16004 16005 7ff7f77e3669 16003->16005 16006 7ff7f77e3691 16004->16006 16007 7ff7f77e369d GetProcAddress 16004->16007 16005->16004 16006->16007 16008 7ff7f77e36c5 GetProcAddress 16007->16008 16009 7ff7f77e36b9 16007->16009 16010 7ff7f77e36e1 16008->16010 16011 7ff7f77e36ed GetProcAddress 16008->16011 16009->16008 16010->16011 16012 7ff7f77e3715 GetProcAddress 16011->16012 16013 7ff7f77e3709 16011->16013 16014 7ff7f77e3731 16012->16014 16015 7ff7f77e373d GetProcAddress 16012->16015 16013->16012 16014->16015 16016 7ff7f77e3765 GetProcAddress 16015->16016 16017 7ff7f77e3759 16015->16017 16018 7ff7f77e3781 16016->16018 16019 7ff7f77e378d GetProcAddress 16016->16019 16017->16016 16018->16019 16020 7ff7f77e37b5 GetProcAddress 16019->16020 16021 7ff7f77e37a9 16019->16021 16022 7ff7f77e37d1 16020->16022 16021->16020 16022->15874 16025 7ff7f77e6fcf 16023->16025 16024 7ff7f77e7020 MultiByteToWideChar 16024->16025 16027 7ff7f77e6fd7 16024->16027 16025->16024 16026 7ff7f77e7068 MultiByteToWideChar 16025->16026 16025->16027 16026->16025 16026->16027 16027->15888 16029 7ff7f77e10a6 _fread_nolock 16028->16029 16030 7ff7f77e10ad 16029->16030 16031 7ff7f77ee95c _fread_nolock 23 API calls 16029->16031 16032 7ff7f77ee6d0 14 API calls 16029->16032 16034 7ff7f77ef09c 16029->16034 16030->15907 16031->16029 16032->16029 16035 7ff7f77ef0cc 16034->16035 16038 7ff7f77eedec 16035->16038 16037 7ff7f77ef0ea 16037->16029 16039 7ff7f77eee0c 16038->16039 16040 7ff7f77eee39 16038->16040 16039->16040 16041 7ff7f77f9e44 _invalid_parameter_noinfo 3 API calls 16039->16041 16040->16037 16041->16040 16043 7ff7f77f546c 16042->16043 16044 7ff7f77f5492 16043->16044 16047 7ff7f77f54c5 16043->16047 16045 7ff7f77f6088 _get_daylight 11 API calls 16044->16045 16046 7ff7f77f5497 16045->16046 16048 7ff7f77f9f10 _invalid_parameter_noinfo 3 API calls 16046->16048 16049 7ff7f77f54cb 16047->16049 16051 7ff7f77f54d8 16047->16051 16056 7ff7f77f54a2 
16048->16056 16050 7ff7f77f6088 _get_daylight 11 API calls 16049->16050 16050->16056 16052 7ff7f77f54ec 16051->16052 16053 7ff7f77f54f9 16051->16053 16055 7ff7f77f6088 _get_daylight 11 API calls 16052->16055 16057 7ff7f77ff51c 16053->16057 16055->16056 16056->15584 16058 7ff7f77ff542 16057->16058 16059 7ff7f77ff576 16058->16059 16061 7ff7f78061dc 16058->16061 16059->16056 16064 7ff7f78057dc 16061->16064 16065 7ff7f78057f3 16064->16065 16066 7ff7f7805811 16064->16066 16067 7ff7f77f6088 _get_daylight 11 API calls 16065->16067 16066->16065 16068 7ff7f780582d 16066->16068 16069 7ff7f78057f8 16067->16069 16075 7ff7f7805dec 16068->16075 16071 7ff7f77f9f10 _invalid_parameter_noinfo 3 API calls 16069->16071 16073 7ff7f7805804 16071->16073 16073->16059 16076 7ff7f7805e33 16075->16076 16077 7ff7f7805e61 16076->16077 16078 7ff7f7805e79 16076->16078 16080 7ff7f77f6068 _fread_nolock 11 API calls 16077->16080 16114 7ff7f77f6e60 16078->16114 16081 7ff7f7805e66 16080->16081 16085 7ff7f77f6088 _get_daylight 11 API calls 16081->16085 16089 7ff7f7805858 16085->16089 16089->16073 16113 7ff7f77f6e38 LeaveCriticalSection 16089->16113 16159 7ff7f77ff808 EnterCriticalSection 16114->16159 16180 7ff7f77f7acc 16179->16180 16183 7ff7f77f75a8 16180->16183 16182 7ff7f77f7ae5 16182->15595 16184 7ff7f77f75c3 16183->16184 16185 7ff7f77f75f2 16183->16185 16186 7ff7f77f9e44 _invalid_parameter_noinfo 3 API calls 16184->16186 16189 7ff7f77f7614 16185->16189 16188 7ff7f77f75e3 16186->16188 16188->16182 16190 7ff7f77f762f 16189->16190 16192 7ff7f77f7658 16189->16192 16191 7ff7f77f9e44 _invalid_parameter_noinfo 3 API calls 16190->16191 16194 7ff7f77f764f 16191->16194 16193 7ff7f77f76da 16192->16193 16192->16194 16197 7ff7f77f78c0 16193->16197 16194->16188 16198 7ff7f77f78da 16197->16198 16200 7ff7f77f7971 ReadFile 16198->16200 16202 7ff7f77f7907 16198->16202 16199 7ff7f77ea100 _wfindfirst32i64 3 API calls 16201 7ff7f77f76e8 16199->16201 16200->16202 16201->16194 16202->16199 16204 7ff7f77ee403 
16203->16204 16206 7ff7f77ee431 16203->16206 16205 7ff7f77f9e44 _invalid_parameter_noinfo 3 API calls 16204->16205 16208 7ff7f77ee423 16205->16208 16206->16208 16209 7ff7f77ee464 16206->16209 16208->15599 16210 7ff7f77ee47f 16209->16210 16213 7ff7f77ee4a4 16209->16213 16211 7ff7f77f9e44 _invalid_parameter_noinfo 3 API calls 16210->16211 16212 7ff7f77ee49f 16211->16212 16212->16208 16213->16212 16217 7ff7f77fa02c 16213->16217 16216 7ff7f77f9f78 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16216->16212 16218 7ff7f77fa058 16217->16218 16223 7ff7f77ee4d3 16217->16223 16219 7ff7f77fa0bc 16218->16219 16221 7ff7f77fa088 16218->16221 16220 7ff7f77f9e44 _invalid_parameter_noinfo 3 API calls 16219->16220 16220->16223 16224 7ff7f77f9fb4 16221->16224 16223->16212 16223->16216 16225 7ff7f77f9fd0 16224->16225 16226 7ff7f77fa005 16225->16226 16227 7ff7f77fa188 17 API calls 16225->16227 16230 7ff7f77f6e38 LeaveCriticalSection 16226->16230 16227->16226 16232 7ff7f77f6825 16231->16232 16236 7ff7f77f6838 16231->16236 16233 7ff7f77f6088 _get_daylight 11 API calls 16232->16233 16234 7ff7f77f682a 16233->16234 16235 7ff7f77f9f10 _invalid_parameter_noinfo 3 API calls 16234->16235 16238 7ff7f77f6836 16235->16238 16237 7ff7f77f6088 _get_daylight 11 API calls 16236->16237 16236->16238 16237->16238 16238->15673 16240 7ff7f77e605b 16239->16240 16241 7ff7f77f685e GetLastError 16239->16241 16240->15680 16242 7ff7f77f5ffc _fread_nolock 11 API calls 16241->16242 16242->16240 16243 7ffdfacfcb40 16244 7ffdfacfcec0 16243->16244 16245 7ffdfacfcb49 16243->16245 16245->16244 16246 7ffdfacfcb90 CRYPTO_free CRYPTO_free 16245->16246 16247 7ffdfacfcbe9 7 API calls 16246->16247 16248 7ffdfacfcbdf 16246->16248 16249 7ffdface11db 16247->16249 16248->16247 16250 7ffdfacfcc42 OPENSSL_sk_pop_free OPENSSL_sk_pop_free OPENSSL_sk_pop_free OPENSSL_sk_free 16249->16250 16251 7ffdfacfcc96 16250->16251 16252 7ffdfacfcca2 CRYPTO_free CRYPTO_free CRYPTO_free CRYPTO_free CRYPTO_secure_free 16251->16252 
16253 7ffdfacfcd2b EVP_MD_get0_provider 16252->16253 16254 7ffdfacfcd40 16252->16254 16253->16254 16255 7ffdfacfcd38 EVP_MD_free 16253->16255 16256 7ffdfacfcd4c EVP_MD_get0_provider 16254->16256 16257 7ffdfacfcd61 16254->16257 16255->16254 16256->16257 16258 7ffdfacfcd59 EVP_MD_free 16256->16258 16259 7ffdfacfcd78 EVP_CIPHER_get0_provider 16257->16259 16261 7ffdfacfcd97 16257->16261 16258->16257 16259->16257 16260 7ffdfacfcd85 EVP_CIPHER_free 16259->16260 16260->16257 16262 7ffdfacfcdac EVP_MD_get0_provider 16261->16262 16264 7ffdfacfcdcb 16261->16264 16262->16261 16263 7ffdfacfcdb9 EVP_MD_free 16262->16263 16263->16261 16265 7ffdfacfce4a CRYPTO_free CRYPTO_free CRYPTO_THREAD_lock_free CRYPTO_free CRYPTO_free 16264->16265 16266 7ffdfacfcde1 CRYPTO_free CRYPTO_free CRYPTO_free 16264->16266 16265->16244 16266->16265 16266->16266 16267 7ff7f77fc898 16269 7ff7f77fc8bd 16267->16269 16268 7ff7f77fc8eb 16269->16268 16271 7ff7f77fb810 16269->16271 16272 7ff7f77fb840 16271->16272 16275 7ff7f77fb644 16272->16275 16274 7ff7f77fb859 16274->16268 16277 7ff7f77fb69b 16275->16277 16283 7ff7f77fb66d 16275->16283 16276 7ff7f77fb6b4 16278 7ff7f77f9e44 _invalid_parameter_noinfo 3 API calls 16276->16278 16277->16276 16279 7ff7f77fb70b 16277->16279 16278->16283 16280 7ff7f77fb729 16279->16280 16281 7ff7f77fb764 _fread_nolock 16 API calls 16279->16281 16284 7ff7f77f6e38 LeaveCriticalSection 16280->16284 16281->16280 16283->16274 16285 7ff7f77fdeb8 16286 7ff7f77fdec9 16285->16286 16287 7ff7f77fdefe HeapAlloc 16286->16287 16288 7ff7f77fdf1a 16286->16288 16291 7ff7f7802730 _get_daylight 2 API calls 16286->16291 16287->16286 16290 7ff7f77fdf18 16287->16290 16289 7ff7f77f6088 _get_daylight 10 API calls 16288->16289 16289->16290 16291->16286

Control-flow Graph

[Figure: control-flow graph of the function at 7ffdfacfcb40; legend: Executed, Not Executed]

Memory Dump Source
• Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
Similarity
• API ID: O_free$L_sk_free$D_freeD_get0_providerL_sk_pop_free$E_free$D_lock_freeH_freeO_free_ex_dataO_secure_freeR_freeR_get0_providerX509_
• String ID: ..\s\ssl\ssl_lib.c
• API String ID: 234229340-1080266419
• Opcode ID: 292dace10966945d553ad016d432662933ba4ea717c2be2375ccab36563cbbbc
• Instruction ID: 839004787fe924482eea6838bac2e9a75c49abaf059e966294e1bfbf4bcc94e0
• Opcode Fuzzy Hash: 292dace10966945d553ad016d432662933ba4ea717c2be2375ccab36563cbbbc
• Instruction Fuzzy Hash: 32913326B0868684EB48AF21D9A1ABD2361FF85FC4F041072DE3D4B6DEEE6DE5418350

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF7F7804EE5
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F7804838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F780484C
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77F9F78: HeapFree.KERNEL32(?,?,?,00007FF7F7801EC2,?,?,?,00007FF7F7801EFF,?,?,00000000,00007FF7F78023C5,?,?,00000000,00007FF7F78022F7), ref: 00007FF7F77F9F8E
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77F9F78: GetLastError.KERNEL32(?,?,?,00007FF7F7801EC2,?,?,?,00007FF7F7801EFF,?,?,00000000,00007FF7F78023C5,?,?,00000000,00007FF7F78022F7), ref: 00007FF7F77F9F98
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77F9F30: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7F77F9F0F,?,?,?,?,?,00007FF7F77F1A40), ref: 00007FF7F77F9F39
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77F9F30: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7F77F9F0F,?,?,?,?,?,00007FF7F77F1A40), ref: 00007FF7F77F9F5E
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF7F7804ED4
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F7804898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F78048AC
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF7F780514A
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF7F780515B
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF7F780516C
                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7F78053AC), ref: 00007FF7F7805193
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                              • API String ID: 4070488512-239921721
                                                                                                                                                                                                                              • Opcode ID: efd6bd86b0a9241ba49c40c51702d4a4216664c1cf6d90fa3e70e8402c69cba8
                                                                                                                                                                                                                              • Instruction ID: 24c79f31e7190146be39083eace930d44068d65718be63181020fe4095b79aaa
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: efd6bd86b0a9241ba49c40c51702d4a4216664c1cf6d90fa3e70e8402c69cba8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22D1C02AA2824286E724BF21D8405B9ABA1FF45795FC04036EE2D476D5DF3CE462C7F0

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1617910340-0
                                                                                                                                                                                                                              • Opcode ID: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
                                                                                                                                                                                                                              • Instruction ID: 360b9dc0af249a692f58dea3af871e1683dbc20958c27c105da80fa30da12113
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37C1D43BB24A4285EB10DF64C4906AC7BA5FB49B98B811235DE3E577D5CF38D066C3A0

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fread_nolock$_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 3405171723-4158440160
                                                                                                                                                                                                                              • Opcode ID: e478e9a6a9b818ac5d48396b1352e31e83b990f663252a024ccd485c4c9523ba
                                                                                                                                                                                                                              • Instruction ID: 37def1dd47ba8866b8dda741ad43c753a6b88793beb8ee2c92cc1c5f19be5bba
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e478e9a6a9b818ac5d48396b1352e31e83b990f663252a024ccd485c4c9523ba
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E851BF76A2960286EB14EF24E45117CB7A1FF4CB48B808535D92C833D4DF7CE452C7A2

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 0-3659356012
                                                                                                                                                                                                                              • Opcode ID: 03fd057812bd2f625300accfdc906779021928dd580b2436cd48877f8d84e3f2
                                                                                                                                                                                                                              • Instruction ID: 4531b6cd27f788290a87f310a2daad26960622c1b31127148794d86df167ae45
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 03fd057812bd2f625300accfdc906779021928dd580b2436cd48877f8d84e3f2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E41812AB2864281EB10EB11F4016B9E7A0EB48794FC44431CE6D47BD5EE7CE483C3A1

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E2CD0: GetModuleFileNameW.KERNEL32(?,00007FF7F77E27C9,?,?,?,?,?,?), ref: 00007FF7F77E2D01
                                                                                                                                                                                                                              • SetDllDirectoryW.KERNEL32 ref: 00007FF7F77E29D5
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E5AF0: GetEnvironmentVariableW.KERNEL32(00007FF7F77E2817,?,?,?,?,?,?), ref: 00007FF7F77E5B2A
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E5AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF7F77E5B47
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                              • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                              • API String ID: 2344891160-3602715111
                                                                                                                                                                                                                              • Opcode ID: a829fb4f8bff880b56f1dc2ed2832eed403f519cff3d2e5cf3613c16a082b03b
                                                                                                                                                                                                                              • Instruction ID: 400d0d0e007628ec4c083d47f74fadbfb1df88745b4a8def181ef6662b9ca3d0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a829fb4f8bff880b56f1dc2ed2832eed403f519cff3d2e5cf3613c16a082b03b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93C1622AA38A8341EB24BB2194512FD9391BF48784FC05031EE6D476D6EF7CE51787B2

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                              • API String ID: 0-1655038675
                                                                                                                                                                                                                              • Opcode ID: b91f83cfa437695189921e931868a44ff3310bea131235cabe2622112ecbdb6f
                                                                                                                                                                                                                              • Instruction ID: 24931a3e56d363225abb18d81f8469283aa1ede7c03bdb5d50aeafe616e7fddf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b91f83cfa437695189921e931868a44ff3310bea131235cabe2622112ecbdb6f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F651062AB1868281EB60BB51E8013B9A290FB88794FC44531DD6D877D5EF3CE456C3B2

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 6ace3fbad8ddd1cd05ed41dddf3a6c6a2c6962649ba5052cc4813f441b9b9292
                                                                                                                                                                                                                              • Instruction ID: 0b756d67ee9a6c8ade0c42e1735ad2864fca05846e786e4ec76e7ccb485b4a1c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ace3fbad8ddd1cd05ed41dddf3a6c6a2c6962649ba5052cc4813f441b9b9292
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9C1D52AA2C68681E750BB2596006FDAA95EF89B80FD54131DD7D037E1CE7DE44A83F0

Memory Dump Source
• Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
Similarity
• API ID: _get_daylight$_isindst
• String ID:
• API String ID: 4170891091-0

Similarity
• API ID: File$ErrorHandleInformationLastNamedPeekPipeType
• String ID:
• API String ID: 2780335769-0

Similarity
• API ID: CloseCreateFileHandle_invalid_parameter_noinfo
• String ID:
• API String ID: 1279662727-0
Similarity
• API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
• String ID:
• API String ID: 3058843127-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3000768030-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF7F77FB750,00000000,?,?,?,00007FF7F77E1023,00007FF7F77FB859), ref: 00007FF7F77FB7B0
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,00007FF7F77FB750,00000000,?,?,?,00007FF7F77E1023,00007FF7F77FB859), ref: 00007FF7F77FB7BA
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77F48F9), ref: 00007FF7F77F4A17
                                                                                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77F48F9), ref: 00007FF7F77F4A2D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,00007FF7F77FA005,?,?,00000000,00007FF7F77FA0BA), ref: 00007FF7F77FA1F6
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF7F77FA005,?,?,00000000,00007FF7F77FA0BA), ref: 00007FF7F77FA200
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 918212764-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: ff4bd6b019ced27284b6fa2760217448de45b7808968d4935831090a049e7df0
                                                                                                                                                                                                                              • Instruction ID: 3d3e5da517fd67ff74cde4141a29e6bcd503e87b37c66627b7bb0a1e1b4162f6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff4bd6b019ced27284b6fa2760217448de45b7808968d4935831090a049e7df0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C931C36AE3860281E7117B658541BFDA690AB49B60FD10136ED3D473D2CE7DE84387F0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 25f020cec256df429067bb606d051891f0f83e0bb8faa834007163ccabd97c9c
                                                                                                                                                                                                                              • Instruction ID: afbd57bda59f1ffeff023458a5ba9f9fe4b8be52617ae5f9b183f045001522e6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 25f020cec256df429067bb606d051891f0f83e0bb8faa834007163ccabd97c9c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69116229A2C64181EB60BF51D6006FDE2A4BF89B80FA44431EEBC576C6CE7DD44257F0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: e860bb9bc84c29a06dccfc010b7eb52daf61d2c250f48aeb7393b4a8ace16f10
                                                                                                                                                                                                                              • Instruction ID: 3f88d80c338670c60e5169196577c1869733007da5fd6c0a73cc6ff437b56e28
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e860bb9bc84c29a06dccfc010b7eb52daf61d2c250f48aeb7393b4a8ace16f10
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F212C36A2864187D760AF18D44077ABAE0FB84B55F944234DB7D476D5DF3CD412CBA0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 298f7b2a666c55937c0a4044f00fb88544ba948c427ceaa5fd6043e577695ec0
                                                                                                                                                                                                                              • Instruction ID: 58dcb06036331c4cea4b7445c641c23416db8b1a8d9c280b42b67510cb05f8ed
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 298f7b2a666c55937c0a4044f00fb88544ba948c427ceaa5fd6043e577695ec0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E101E525A2875141EB44BB5299000B9E695BF89FE0F884A31DE7C13BD6CEBCD01287A1
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E6DB0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7F77E6DEA
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E6333
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2592636585-0
                                                                                                                                                                                                                              • Opcode ID: 4f2292e1e78b6b04c2ade65416a023b90951e6264d27b8cd69ba397aaf3470f3
                                                                                                                                                                                                                              • Instruction ID: f8abbd875395f96bd4fe57283624392db5496076808645a7f70297b385a6e9da
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f2292e1e78b6b04c2ade65416a023b90951e6264d27b8cd69ba397aaf3470f3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AE02612B2454542DF18A767A9014BAE291EF4CBC0BC88030DE1D43785DC3CC4A24B40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,00000000,00007FF7F77FAA16,?,?,?,00007FF7F77F9BD3,?,?,00000000,00007FF7F77F9E6E), ref: 00007FF7F77FDF0D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,?,00007FF7F77EF1E4,?,?,?,00007FF7F77F06F6,?,?,?,?,?,00007FF7F77F275D), ref: 00007FF7F77FCC6A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFDFACFFEB9), ref: 00007FFDFAD05D22
                                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFDFACFFEB9), ref: 00007FFDFAD05D3A
                                                                                                                                                                                                                              • ERR_set_error.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFDFACFFEB9), ref: 00007FFDFAD05D4B
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFDFACFFEB9), ref: 00007FFDFAD05D7B
                                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFDFACFFEB9), ref: 00007FFDFAD05D93
                                                                                                                                                                                                                              • ERR_set_error.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFDFACFFEB9), ref: 00007FFDFAD05DA4
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$dane_tlsa_add
                                                                                                                                                                                                                              • API String ID: 1552677711-3143159635
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_new$R_set_debugX_new$X_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\t1_enc.c$HMAC$tls-mac-size$tls-version$tls1_change_cipher_state$tls_provider_set_tls_params
                                                                                                                                                                                                                              • API String ID: 1274617517-1172825828
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: X_free$O_free$C_freeR_freeX_new$C_fetchC_finalC_initDecryptInit_exM_construct_endM_construct_utf8_stringN1_item_freeO_mallocO_memcmpR_clear_errorR_fetchR_newR_set_debugR_set_errorX_get_iv_lengthX_get_mac_sizememcpy
                                                                                                                                                                                                                              • String ID: ..\s\ssl\t1_lib.c$AES-256-CBC$HMAC$SHA256$digest
                                                                                                                                                                                                                              • API String ID: 4048587579-2842977263
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_new$R_set_debug$L_cleanseO_free$D_get0_nameD_is_aD_lock_newO_mallocO_strndupR_set_error_time64memcpy
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_psk
                                                                                                                                                                                                                              • API String ID: 4153193716-3130753023
Memory Dump Source
• Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
Similarity
• API ID: R_newR_set_debugR_set_error$O_mallocstrncmp
• String ID: ..\s\ssl\ssl_ciph.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$DEFAULT$ssl_create_cipher_list
• API String ID: 3221604530-3764566645
Similarity
• API ID: L_sk_new_nullL_sk_pop_freeR_newR_set_debugX509X509_freeX509_new_exd2i_
• String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_server_certificate
• API String ID: 3085087540-2730446810
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\record\rec_layer_d1.c$do_dtls1_write
• API String ID: 193678381-4025505965
Similarity
• API ID: R_new$R_set_debug$L_cleanse$O_freeO_memcmpO_memdupmemset
• String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_early_data
• API String ID: 1127568407-4186250837
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug$X_free
                                                                                                                                                                                                                              • String ID: $ $..\s\ssl\statem\statem_srvr.c$tls_process_cke_gost18
                                                                                                                                                                                                                              • API String ID: 1470995052-4050591057
                                                                                                                                                                                                                              • Opcode ID: 78ad61be308a8177514db57305e23fe414bce2eb0cc35fdcafd9362817d66b97
                                                                                                                                                                                                                              • Instruction ID: 9e626f10ca654d649f66f26861e59846f49013c9a6f292c63503eb118e8e8053
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 78ad61be308a8177514db57305e23fe414bce2eb0cc35fdcafd9362817d66b97
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD819E2AB1864249F76CEB21EC61EF92251EF95784F800172D96D436DAFFBCE9418740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD44E8C), ref: 00007FFDFAD43D7D
                                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD44E8C), ref: 00007FFDFAD43D95
                                                                                                                                                                                                                              • memset.VCRUNTIME140(00000000,?,?,?,?,?,?,00007FFDFAD44E8C), ref: 00007FFDFAD43DB2
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,00007FFDFAD44E8C), ref: 00007FFDFAD43DF6
                                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,00007FFDFAD44E8C), ref: 00007FFDFAD43E0E
                                                                                                                                                                                                                              • OPENSSL_cleanse.LIBCRYPTO-3(?,?,?,?,?,?,00007FFDFAD44E8C), ref: 00007FFDFAD43FCD
                                                                                                                                                                                                                              • OPENSSL_cleanse.LIBCRYPTO-3(?,?,?,?,?,?,00007FFDFAD44E8C), ref: 00007FFDFAD43FDC
                                                                                                                                                                                                                              • CRYPTO_clear_free.LIBCRYPTO-3(?,?,?,?,?,?,00007FFDFAD44E8C), ref: 00007FFDFAD43FF4
                                                                                                                                                                                                                              • CRYPTO_clear_free.LIBCRYPTO-3(?,?,?,?,?,?,00007FFDFAD44E8C), ref: 00007FFDFAD4400C
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: L_cleanseO_clear_freeR_newR_set_debug$memset
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_psk_preamble
                                                                                                                                                                                                                              • API String ID: 1611825735-1354659140
                                                                                                                                                                                                                              • Opcode ID: f9789fc2892457d5d8468ed90721af1651c91caa14e317bcffa7dc6807f3c9b9
                                                                                                                                                                                                                              • Instruction ID: cad04f8e3a6fc9e31f9c770f3d5ac1f6b854364ec9de314c65ca034c89827fee
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9789fc2892457d5d8468ed90721af1651c91caa14e317bcffa7dc6807f3c9b9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7971A262B1968255F718AB55EC60FFA6250FF94BC0F4400B2DD6E476DEEE7CEA028740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug$L_cleanseO_freeO_memdup
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\include\internal/packet.h$tls_process_cke_psk_preamble
                                                                                                                                                                                                                              • API String ID: 4013370168-1385198054
                                                                                                                                                                                                                              • Opcode ID: d51a1e80f44b302ff8f28b88ccd3fb6a7810af984ed629c25c9453562c8186b7
                                                                                                                                                                                                                              • Instruction ID: 2c7904c75ee69780035f62cc34d773980b8e15fdb0ece5fa00c354d96c2f50e9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d51a1e80f44b302ff8f28b88ccd3fb6a7810af984ed629c25c9453562c8186b7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33717E62F2868289F76C9B20EC69FF96350EF54780F804172D96D03ADAEFACE555C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug$D_bytes_exD_get_size
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_srvr.c$construct_stateful_ticket$resumption$tls_construct_new_session_ticket
                                                                                                                                                                                                                              • API String ID: 2724910838-1194634662
                                                                                                                                                                                                                              • Opcode ID: ef7342f60bc5b2d48a9fd6b8c6db10ef1ff12d171feaad55dce560bd1c9dc77c
                                                                                                                                                                                                                              • Instruction ID: c20ad67d6b831d3a97643abd091934adcfecd4620efc67904bffc2748310aa6a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef7342f60bc5b2d48a9fd6b8c6db10ef1ff12d171feaad55dce560bd1c9dc77c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9D19F36B1878289E758DB25D860ABD67A0FB85B84F480172DE5C4B7DAEFBCE541C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_set_init$O_clear_flagsO_get_dataR_newR_set_debugR_set_error$O_freeO_get_initO_pushO_set_nextO_set_shutdownO_up_refO_zalloc
                                                                                                                                                                                                                              • String ID: ..\s\ssl\bio_ssl.c$ssl_new
                                                                                                                                                                                                                              • API String ID: 2041692418-4057307684
                                                                                                                                                                                                                              • Opcode ID: b938392c1f0130d587112443b3a9d1b86181e3dd82127a5ad10639266ed4d33c
                                                                                                                                                                                                                              • Instruction ID: cb77dd3f9ff7ad7aaacc8ab8ffcfc30f229e60fc9ef2bc2c94a972e724a9a516
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b938392c1f0130d587112443b3a9d1b86181e3dd82127a5ad10639266ed4d33c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E31571AF0D25649FB1CA7229D71DBD52959F85FD0F0040B2EC2D0BBCEEE6CA9428640
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • EVP_MD_CTX_new.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD43931
                                                                                                                                                                                                                              • EVP_DigestInit.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD43948
                                                                                                                                                                                                                              • EVP_DigestUpdate.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD43965
                                                                                                                                                                                                                              • EVP_DigestUpdate.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD43982
                                                                                                                                                                                                                              • EVP_DigestFinal_ex.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD4399C
                                                                                                                                                                                                                              • EVP_MD_CTX_free.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD439AC
                                                                                                                                                                                                                              • CRYPTO_malloc.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD439CF
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD43B9E
                                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD43BB3
                                                                                                                                                                                                                              • EVP_PKEY_CTX_free.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD43BCB
                                                                                                                                                                                                                              • CRYPTO_clear_free.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD43BE3
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD43BEA
                                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFDFAD45063), ref: 00007FFDFAD43C02
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Digest$R_newR_set_debugUpdateX_free$Final_exInitO_clear_freeO_mallocX_new
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_gost18
                                                                                                                                                                                                                              • API String ID: 1516884489-304060821
                                                                                                                                                                                                                              • Opcode ID: 8e51d15a962b53c84eea47d357a9d13b66c054b19c96a8da4d00d795b3e43bdd
                                                                                                                                                                                                                              • Instruction ID: a7c05a441617feb7717c0b1abe2148cd67ae3eb714879968a3d10bc4bf7a94c3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e51d15a962b53c84eea47d357a9d13b66c054b19c96a8da4d00d795b3e43bdd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A91A162B0864345FB28AB26EC65FBA2250FF85BD4F4400B5DD6D4B7DAEE7CDA418340
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$ssl_dane_dup
                                                                                                                                                                                                                              • API String ID: 0-780499551
                                                                                                                                                                                                                              • Opcode ID: b50172fda2d5cc74c6930251964f7a30acaa7c728f4e9d78830432cb3447d34a
                                                                                                                                                                                                                              • Instruction ID: da81d4ffe7f5202f801c686a5c08b9e4dc51455919ebc6bcb4fbb5d0c3cbcbdc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b50172fda2d5cc74c6930251964f7a30acaa7c728f4e9d78830432cb3447d34a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72C12B36B05A8286EB589F25D560BBD63A0FB44B84F084075DF6D877CAEF38E461C760
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_new$O_freeR_set_debug$O_strdup
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions.c$final_server_name$p
                                                                                                                                                                                                                              • API String ID: 3774429508-428839542
                                                                                                                                                                                                                              • Opcode ID: 2cd7a02e78f7ba07ee5d78f81959a35c35bd0f2ac248bd938c8f541175f0de47
                                                                                                                                                                                                                              • Instruction ID: 80030d81e38f3e666e0558659b4e3c0fb421f1bc3340e70d3b32f756c158b472
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2cd7a02e78f7ba07ee5d78f81959a35c35bd0f2ac248bd938c8f541175f0de47
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4817D36B09A8285FB599B15DC64BB923A0FB94B84F0440B2DEAD076DDEF7CE941C350
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: N_copyN_free$N_dup$O_freeO_strdup
                                                                                                                                                                                                                              • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                              • API String ID: 3070725730-1778748169
                                                                                                                                                                                                                              • Opcode ID: df38dbacce64862afa0680bc413e1b11140b6e2546048526193d0fc8ec849a9d
                                                                                                                                                                                                                              • Instruction ID: 005f4ce0d6eb711c67e79733860a46d05d3110194fd73bd4011a4081e12b132e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: df38dbacce64862afa0680bc413e1b11140b6e2546048526193d0fc8ec849a9d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75412036B0AA4384FB589F119C64AB822E8EF44FD4F184674ED3D4B6DDEF6CA4418210
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error$O_realloc
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$dane_mtype_set
                                                                                                                                                                                                                              • API String ID: 945340710-1331952108
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
• Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: J_nid2snO_zallocP_get_digestbyname
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$dane_ctx_enable
                                                                                                                                                                                                                              • API String ID: 481619167-1287278166
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_new$D_bytes_exO_freeO_mallocR_set_debug
                                                                                                                                                                                                                              • String ID: $..\s\ssl\statem\statem_srvr.c$tls_construct_certificate_request
                                                                                                                                                                                                                              • API String ID: 2305228085-266924759
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free$memcpy
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                              • API String ID: 1144371060-3140652063
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error$D_lock_newO_freeO_zalloc
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_cert.c$ssl_cert_new
                                                                                                                                                                                                                              • API String ID: 1324884158-262037048
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: N_free$O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                              • API String ID: 3506937590-1778748169
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_reallocR_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                              • String ID: ..\s\ssl\t1_lib.c$?$@$gid_cb$group '%s' cannot be set
                                                                                                                                                                                                                              • API String ID: 2487840641-1486293874
                                                                                                                                                                                                                              • Opcode ID: 81384d79a53907ace5d2f8778e6c6986967378ea595cdac616b9e384c796a9f7
                                                                                                                                                                                                                              • Instruction ID: 4677f7aea409aeaf7917c608d046b228c147f63519bfc1835667c7aa0ebeb968
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81384d79a53907ace5d2f8778e6c6986967378ea595cdac616b9e384c796a9f7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C141D5E2B0978651FB688B56E860AB923A1EFA5780F544076DA6D037DDFE3CE5818300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_clear_free$memcpy$L_cleanseO_mallocmemset
                                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                              • API String ID: 2649524955-4238427508
                                                                                                                                                                                                                              • Opcode ID: fce34d2a7b6bdc58cf014012aab384aa02dc5fa568be4e8b3097b3bf5e5531b1
                                                                                                                                                                                                                              • Instruction ID: 10bce446921c6247de173a6dd92cb76cbc7f5bd478b6c7c803e69ea51a2e64c7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fce34d2a7b6bdc58cf014012aab384aa02dc5fa568be4e8b3097b3bf5e5531b1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B51E076708A8186EB289F12A850AAE7764FB44FC4F444076DF6D47799DF3CD651C310
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_new$R_set_debug$O_malloc
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_cert_status_body
                                                                                                                                                                                                                              • API String ID: 2635154176-3889181619
                                                                                                                                                                                                                              • Opcode ID: 13b7146c49aaea806554447ba368cbbbb6465e1eecd7e99dd6b658618aecd0ec
                                                                                                                                                                                                                              • Instruction ID: 5bb1f64ec873b7fd996aeaccbc922b6ff14e0ad44c78f20ceeb26527b582f926
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13b7146c49aaea806554447ba368cbbbb6465e1eecd7e99dd6b658618aecd0ec
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2341D722F18A5685E7589751EC20DBD6390FF45BC0F4440B2E96D47BCAEF2CDE918700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_clear_flagsO_set_dataO_set_initO_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\bio_ssl.c$ssl_new
                                                                                                                                                                                                                              • API String ID: 3664107999-4057307684
                                                                                                                                                                                                                              • Opcode ID: 4fe9d9adf47ecfc145edde16cadadc46be57d833d6aa4bd709a0663bcd577224
                                                                                                                                                                                                                              • Instruction ID: e1fcef46b459a1edce2028f2ffa18d8224ec48918b08089e5c2fefe0012cbe53
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4fe9d9adf47ecfc145edde16cadadc46be57d833d6aa4bd709a0663bcd577224
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8611B267F1C18245E7499B29AD70DE82721DF4A794F4881B1D6A903ACAED6CD8948700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug$O_freeO_memdup
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\include\internal/packet.h$tls_process_next_proto
                                                                                                                                                                                                                              • API String ID: 3243760035-2889161144
                                                                                                                                                                                                                              • Opcode ID: 313a86f849fdb8182494313b6896a954495c3b1bd33ea1e25ab80567406f475c
                                                                                                                                                                                                                              • Instruction ID: 34b5497050d0ab79bb3a6defd34bfa34485ab518269bcf3e9da57e4e8fc53feb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 313a86f849fdb8182494313b6896a954495c3b1bd33ea1e25ab80567406f475c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C41D727B0CB8185E7289B24F820AB9B3A0FB58784F444171EA9C4768EFF7CD2918740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_mallocR_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$P$U$[$`$tls_process_cert_status_body
                                                                                                                                                                                                                              • API String ID: 4191474876-1928312256
                                                                                                                                                                                                                              • Opcode ID: 94b9c7d82fda44be8e2349d223dc11e0ab60818defcd69df6272cce3fc45628c
                                                                                                                                                                                                                              • Instruction ID: 071f6550c5668a325180d9fe9d5a153d44b0f0480282c740eeb68c8aa16ff82a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94b9c7d82fda44be8e2349d223dc11e0ab60818defcd69df6272cce3fc45628c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C831E222B08B8685E7089B52AC5466D73A4FB05FC0F544072DE5E477C9EF7CDA95C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug$O_freeO_strdup
                                                                                                                                                                                                                              • String ID: $..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                              • API String ID: 2909881267-506337091
                                                                                                                                                                                                                              • Opcode ID: 0ea6ab40964df41e67cee4f59e9e7216a15cb6d0b2677adab293961daa56f5c6
                                                                                                                                                                                                                              • Instruction ID: 8613f87f23b1d1605d627523a3b576447877b82f82013f42503c1cdbe8f3a832
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0ea6ab40964df41e67cee4f59e9e7216a15cb6d0b2677adab293961daa56f5c6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9C218E69F1964345FB2E87249CF0FBC1251EF01B84F5400B6D92E47ACEEE6DAD828301
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: L_sk_newL_sk_pushL_sk_sortO_freeO_mallocP_get_nameP_get_typeP_zlib
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                                                              • API String ID: 439358363-1847046956
                                                                                                                                                                                                                              • Opcode ID: ed9daa843f26c6a222cafc600fdd1ee9f4abd4318eb25de5bddf585773947e30
                                                                                                                                                                                                                              • Instruction ID: 6c15da77b5138700e5d2cc38707dce280ce40351df4e02b3f31c7e5359db336a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed9daa843f26c6a222cafc600fdd1ee9f4abd4318eb25de5bddf585773947e30
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7411F965F0874285FB08ABA2BD65BA82295EF947C4F4410B5D93D077DAFF6CE4408710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetTempPathW.KERNEL32(?,00000000,?,00007FF7F77E58AD), ref: 00007FF7F77E597A
                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00007FF7F77E58AD), ref: 00007FF7F77E5980
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E5AF0: GetEnvironmentVariableW.KERNEL32(00007FF7F77E2817,?,?,?,?,?,?), ref: 00007FF7F77E5B2A
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E5AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF7F77E5B47
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77F6818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F77F6831
                                                                                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7F77E5A31
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                              • API String ID: 1556224225-1116378104
                                                                                                                                                                                                                              • Opcode ID: fb533de90983aa8ed4e0e2c1f6f0f309b68095ef9aabf4d2006ce4ee732b5443
                                                                                                                                                                                                                              • Instruction ID: b3529fc03602dfe69a61db54195ef8565b05f89673e6448339d6bcc73bae175c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb533de90983aa8ed4e0e2c1f6f0f309b68095ef9aabf4d2006ce4ee732b5443
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30517A19B2964641EB54BB22AA662FAD6825F4DBC0FC44435EC2E877D6ED3CE00343F1
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_freeO_mallocR_pop_to_markX_freeX_new_from_pkeyY_freeY_set_type
                                                                                                                                                                                                                              • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                              • API String ID: 355840433-1643863364
                                                                                                                                                                                                                              • Opcode ID: 3db9531d2b6dc588749f5d3fc88387a9a97764fba650647e6dd075ed364377c7
                                                                                                                                                                                                                              • Instruction ID: a40876a5e04ae1bfbebd3f622796919355b0711d0e27162f093fba3e57caa399
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3db9531d2b6dc588749f5d3fc88387a9a97764fba650647e6dd075ed364377c7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7131F263F0964685F718DF11E8609BE63A4FF49B88F404071DE6C0369AEF7CE5518300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free$O_memdupR_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_set_alpn_protos
                                                                                                                                                                                                                              • API String ID: 4248801101-316209205
                                                                                                                                                                                                                              • Opcode ID: b7c938688c6d325370d0a4c2e3031650f5c9fd41a3ff30ded97c274a6cb90f32
                                                                                                                                                                                                                              • Instruction ID: f759e05c5527b08b47dc8afb3eb3a2656809c911e54781bebaa5ebef1ac5719f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b7c938688c6d325370d0a4c2e3031650f5c9fd41a3ff30ded97c274a6cb90f32
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FC31C266F186D686F7598F20A860FA92390FF45B88F4810B1DE5D03BC9EE2CE441C710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mem_$SubtypeType_$DataFreeFromKindMallocReallocUnicode_
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1742244024-0
                                                                                                                                                                                                                              • Opcode ID: 5c1050c68e97de161cd6d8c48e9085a3eef7c228c5941944440c3b79a23d7220
                                                                                                                                                                                                                              • Instruction ID: 4c93de4696ee071535a3e0542b7aac3607cae6542680c5608ee609c23d4a5b90
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c1050c68e97de161cd6d8c48e9085a3eef7c228c5941944440c3b79a23d7220
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8021372B0C58282E76C8B19E464E7D77A1EF44B44FD641B5EAAE877D8EE2DE440C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                                              • Opcode ID: d5821aaf4936ad9aa18e348792a4e6496cc638c229f42c96d8f2983ca85ed40f
                                                                                                                                                                                                                              • Instruction ID: 710fa7e7736a4be9ed35ff28375f48f20b6e593e08042b9643702e5e99f04969
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d5821aaf4936ad9aa18e348792a4e6496cc638c229f42c96d8f2983ca85ed40f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9B316C72709B819AEB649F60E860FED7364FB84744F85403ADA5E47A88DF38D648C714
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3 ref: 00007FFDFAD5BC1A
                                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3 ref: 00007FFDFAD5BC32
                                                                                                                                                                                                                              • CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFDFAD5BD30
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFAD59F10: ERR_new.LIBCRYPTO-3(?,?,00007FFDFAD5BC05), ref: 00007FFDFAD59F9D
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFAD59F10: ERR_set_debug.LIBCRYPTO-3(?,?,00007FFDFAD5BC05), ref: 00007FFDFAD59FB5
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE1CEE: CRYPTO_malloc.LIBCRYPTO-3 ref: 00007FFDFACEFC82
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE1CEE: memset.VCRUNTIME140 ref: 00007FFDFACEFCB0
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE1CEE: memcpy.VCRUNTIME140 ref: 00007FFDFACEFCE5
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE1CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFDFACEFD01
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE1CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFDFACEFD5A
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE1CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFDFACEFDD2
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_clear_free$R_newR_set_debug$O_mallocmemcpymemset
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_client_key_exchange
                                                                                                                                                                                                                              • API String ID: 1067245891-2687227884
                                                                                                                                                                                                                              • Opcode ID: 7d140191fdaccdb7f5dd66bb854c57b1edeaf98f0ecf9006dd804b52b7453e47
                                                                                                                                                                                                                              • Instruction ID: 0e3e066d61a42ea34d7cd932f744d4ad06c3da9b318ac9329df0ef69f44201fc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d140191fdaccdb7f5dd66bb854c57b1edeaf98f0ecf9006dd804b52b7453e47
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72414861B1924348F76C9B35EC65FBA1250EF91BC0F5440B2D92E0BBDEFEACE4428204
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug$O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_supported_groups
                                                                                                                                                                                                                              • API String ID: 1233037391-3902054871
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free$R_newR_set_debugX_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_as_hello_retry_request
                                                                                                                                                                                                                              • API String ID: 1348149560-64018843
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\record\rec_layer_d1.c$DTLS_RECORD_LAYER_new
                                                                                                                                                                                                                              • API String ID: 2261483606-2598386108
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: L_sk_newL_sk_pushL_sk_sortO_freeO_mallocP_get_type
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                                                              • API String ID: 2104156618-1847046956
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_clear_flagsO_freeO_get_dataO_get_initO_get_shutdownO_set_init
                                                                                                                                                                                                                              • String ID: ..\s\ssl\bio_ssl.c
                                                                                                                                                                                                                              • API String ID: 3531300166-4039210333
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_freeO_strdupR_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                              • API String ID: 1600027128-780421027
                                                                                                                                                                                                                              • Opcode ID: 2f8a23cc58bf2cb9775b5f28407836e5a0929559ffb9a9f6f184a4f10ef9a7dc
                                                                                                                                                                                                                              • Instruction ID: 727c4e56850f01cb962626038794442554a1def5a8e5434c258d03eefd1e69ff
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f8a23cc58bf2cb9775b5f28407836e5a0929559ffb9a9f6f184a4f10ef9a7dc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2F0FF65B1EA4395FB699711D8A0AB81250DF41B84F441076D82D0B6DDEE6DE981C301
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
• Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                              • API String ID: 2581946324-3973221358
                                                                                                                                                                                                                              • Opcode ID: 9486b742b922ef7872c7a8d4928c7cb15fe9ed31e87cc66f9c1e352f56a3f0e9
                                                                                                                                                                                                                              • Instruction ID: e2b71afa114f36d279025e57e000ac68bec9df9f69b03ebbbcb659088bdf7771
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9486b742b922ef7872c7a8d4928c7cb15fe9ed31e87cc66f9c1e352f56a3f0e9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1115E32B19B4285EB589B15F860BAD6360FB84BC4F444076EAAD07B9DEF7CD6818740
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: D_read_lockD_unlockH_retrievememcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2272600717-0
                                                                                                                                                                                                                              • Opcode ID: c69d3c574ace1660c03a52d6659538a827bdf0905eeedaf59d9631c44bfb8f24
                                                                                                                                                                                                                              • Instruction ID: 580a4b14fa815a85d11d8884af43c3375e599d821912b9c7170c7d50e455c3b2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c69d3c574ace1660c03a52d6659538a827bdf0905eeedaf59d9631c44bfb8f24
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4118A227186C286EB69D725E861BAD7368FF88BC4F040071EA5C8779DEF2CD1508700
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_freeO_memdup
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                              • API String ID: 3962629258-2868363209
                                                                                                                                                                                                                              • Opcode ID: bda14326991ddcc22a217b1be2d555ba5d063cd4a1681a7ab79ac5345ca7306d
                                                                                                                                                                                                                              • Instruction ID: 75b174cbeb75a250c651a70a829d54c0fcee6044be84bc03058c0411e579742d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bda14326991ddcc22a217b1be2d555ba5d063cd4a1681a7ab79ac5345ca7306d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49116522B09B9141E7998B15F950AAD62A4FB44FC4F5C4071EEAC5BF9DFF2CE5518300
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_freeO_memdup
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                              • API String ID: 3962629258-2868363209
                                                                                                                                                                                                                              • Opcode ID: 83ba57ea2f63e5d25bc25b3a12f57e5ab8c16677182ba9d2e40e584531579eb6
                                                                                                                                                                                                                              • Instruction ID: dee8f06a5068d503d5f6ec89e1cdfbd91350f0376d4fcb5446e6461899c78d4e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83ba57ea2f63e5d25bc25b3a12f57e5ab8c16677182ba9d2e40e584531579eb6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9401C825B09F9181E7598B15F8606A96254FF08FC4F0C8171ED6C47BCDEE2CD5928704
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_mallocP_expand_block
                                                                                                                                                                                                                              • String ID: ..\s\ssl\record\ssl3_record.c
                                                                                                                                                                                                                              • API String ID: 3543690440-2721125279
                                                                                                                                                                                                                              • Opcode ID: 8196a40e8406d2c93349a8389dd71b6edc507973e668f114e1863cc86b66413e
                                                                                                                                                                                                                              • Instruction ID: caad3d8f8ed1a17d7e14f3d3207f249f298968ae0409eaa6d8ce5c8c1a09fec3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8196a40e8406d2c93349a8389dd71b6edc507973e668f114e1863cc86b66413e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C01CC66B19A0186EB588B25E95066962A0FB08BC8F444134EF5C4B7DDFE3DE590C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
• Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_freeO_memdup
                                                                                                                                                                                                                              • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                              • API String ID: 3962629258-2521442236
                                                                                                                                                                                                                              • Opcode ID: 91098b795325cd7587bcd561924eb37d17e50e84d18b7e1e8ab3bb367abb9249
                                                                                                                                                                                                                              • Instruction ID: 1329b1418b03e93b9b119010ef25a4ff31fffc9c28dc36addde5ddb5becb9f21
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 91098b795325cd7587bcd561924eb37d17e50e84d18b7e1e8ab3bb367abb9249
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F012C36716B8285EB549F12F890A996364FB58BC0F488471EF9C87B89EF3CD5628700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
• Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_freeO_strdup
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                              • API String ID: 2148955802-2868363209
                                                                                                                                                                                                                              • Opcode ID: b911845fcac4a3d6a282408cb186a3f15c2fc6447c8482edd65e0f2285ed320a
                                                                                                                                                                                                                              • Instruction ID: 90f0f8662ee1eafba7f0faf00030fc933f2f048f9b71884af5a22326aa1cbb60
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b911845fcac4a3d6a282408cb186a3f15c2fc6447c8482edd65e0f2285ed320a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45F0A426B1864182EB4ECB16F950AA96255FF48BC0F4C8171E96C47BDEFF2CD6518604
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
• Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_freeO_strndup
                                                                                                                                                                                                                              • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                              • API String ID: 2641571835-2521442236
                                                                                                                                                                                                                              • Opcode ID: 3d0f3f982528f2f85dc5154f817162137fc4029bac152392271789753bc1f300
                                                                                                                                                                                                                              • Instruction ID: d32dcd3e69a9b1be1e09c86fbaf7247f4e7c916641e576159679a8da8a0832cd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d0f3f982528f2f85dc5154f817162137fc4029bac152392271789753bc1f300
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5F0A736B04A8280EB089B56FCA5DEC1320EB4CFC4F448071EE1C4779DEE2CD5558300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
• Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                              • API String ID: 2581946324-1080266419
                                                                                                                                                                                                                              • Opcode ID: 4ad0dbd46e3a53873decdf54c808e7085bfbce7e9fa66e66a0ba4a1ff10697f9
                                                                                                                                                                                                                              • Instruction ID: 5b50ecc99f8d882b38531279eec6055f60426aedeb0b72d63bc654e604617e00
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ad0dbd46e3a53873decdf54c808e7085bfbce7e9fa66e66a0ba4a1ff10697f9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54E06D66B0464295EB08AB25EC90B982350FB44F88F444070CA2C4B7CAEE6CD984C310
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE19E7: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFAD23885
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE120D: EVP_PKEY_free.LIBCRYPTO-3 ref: 00007FFDFACEE636
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE120D: EVP_PKEY_free.LIBCRYPTO-3 ref: 00007FFDFACEE64D
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFACEE689
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE120D: OPENSSL_sk_pop_free.LIBCRYPTO-3 ref: 00007FFDFACEE69C
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFACEE6B5
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE120D: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFDFACEE6D5
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFACEE6EE
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFACEE707
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFACEE728
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFACEE741
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE120D: CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFACEE75A
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFACE120D: memset.VCRUNTIME140 ref: 00007FFDFACEE776
                                                                                                                                                                                                                              • CRYPTO_free.LIBCRYPTO-3 ref: 00007FFDFACE7FC2
                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
• Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free$Y_free$L_sk_pop_freeO_clear_freememset
                                                                                                                                                                                                                              • String ID: ..\s\ssl\d1_lib.c
                                                                                                                                                                                                                              • API String ID: 4031674668-490761327
                                                                                                                                                                                                                              • Opcode ID: d99d4da1f17c6bf448d55b6c72a20a43cc16a730a105540bb09c86b669c21a67
                                                                                                                                                                                                                              • Instruction ID: 2020c33cf1b47cb086f1771a320d3434cea24e3cd7b417aa437f4c8ce440f866
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d99d4da1f17c6bf448d55b6c72a20a43cc16a730a105540bb09c86b669c21a67
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49F0F4A9B0464240EB88AB66D8B6BFC2314EF85F44F140075DA2E4B6DEDE2CD8D5C324
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                              • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                              • Opcode ID: f5c33958b9193b3dc2336bc79ff81fa3aa17c1b58119677cb9bbfbc151373d10
                                                                                                                                                                                                                              • Instruction ID: e9ed3bf9698bc1cbe78705be3d78559de476b57dd71101398d0ee9720f4fd9b4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5c33958b9193b3dc2336bc79ff81fa3aa17c1b58119677cb9bbfbc151373d10
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DCF022B2F027418AE784AB29EC85B982290EB05B54F580130DA2C8BBC5FE2D89D3C311
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                                              • String ID: ..\s\crypto\packet.c
                                                                                                                                                                                                                              • API String ID: 2581946324-3021818708
                                                                                                                                                                                                                              • Opcode ID: b0a9a76e4914a811829e7ddcdb10a4b46a2734523956068a3a792f1464b1691e
                                                                                                                                                                                                                              • Instruction ID: 3013b19d53b33e1bd95e427e0d43ea72f9bc837674e565cd60f48822d49828df
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b0a9a76e4914a811829e7ddcdb10a4b46a2734523956068a3a792f1464b1691e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0AE09B55B1564141EF589B15F891F782250FF58FC4F4C0170DA2C47BC9EF6CD8904300
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                              • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                              • Opcode ID: 8724177c1e48e0554a0bfcb2cfd75b31f8ccabd07b616c583e81e0ae7f064d25
                                                                                                                                                                                                                              • Instruction ID: b068d0706cfa941ca660e2343985f54935ac38d378c42827a3149c734da8740c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8724177c1e48e0554a0bfcb2cfd75b31f8ccabd07b616c583e81e0ae7f064d25
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1E08666B0168086F744A715DCA8B942350FB04B49F941070D91D4BBC9EF7E9586C711
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                              • API String ID: 2581946324-1643863364
                                                                                                                                                                                                                              • Opcode ID: be4ffea58fc3db61d405c2d1930b5cd1548967875a76bd85a1fb081c342cea19
                                                                                                                                                                                                                              • Instruction ID: 1d5decaf4496b61bb40ca19fc263f78699b8dd00ece7dc9501bdc177621c4886
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: be4ffea58fc3db61d405c2d1930b5cd1548967875a76bd85a1fb081c342cea19
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CDD05E55F1900699EB5C67169CA1EFC2320EF44F80F540171D93D47BDAFD0CAA9A9700
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1724170673-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1724170673-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: D_read_lockD_unlock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 102331797-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1724170673-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_memcmp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2788248766-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_memcmp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2788248766-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E2F36
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E2F75
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E2F9A
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E2FBF
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E2FE7
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E300F
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E3037
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E305F
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF7F77E22DE,?,?,?,?), ref: 00007FF7F77E3087
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc
• String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                                                              • API String ID: 190572456-3109299426
                                                                                                                                                                                                                              • Opcode ID: 3d8788b48c699204fb620db4b6681a167f3e5177f9efbc96361098fa63709e71
                                                                                                                                                                                                                              • Instruction ID: 1c488f648ae4758691c16fe62728be0759eb8c8dc06422545adb9051c8285144
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d8788b48c699204fb620db4b6681a167f3e5177f9efbc96361098fa63709e71
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B142ED6DA29F0791FB15BB14AC40574EBE1AF08792BC45035C82E053E4FFBCA56A93B1
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
• Associated: 00000002.00000002.2037285651.00007FF7F77E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037352249.00007FF7F780A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F781D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F7820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037391191.00007FF7F782C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2037478479.00007FF7F782E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoad
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                              • API String ID: 2238633743-1453502826
                                                                                                                                                                                                                              • Opcode ID: 387b05963c1573a630a89e02a7d3e5c8a0eed87054fdcdadb8995d5c72bb8a89
                                                                                                                                                                                                                              • Instruction ID: 02f88c870fe1db162d64c1b657e19bcdc2eeab1d7257c77ad48e38db2c682a81
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 387b05963c1573a630a89e02a7d3e5c8a0eed87054fdcdadb8995d5c72bb8a89
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25E1FC6DA39B0790EB14BF14E8605B4A7E1AF08782BD45031DC2D462D4EF3CE16A83F2
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
• Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error$L_sk_set_cmp_funcX509_$E_freeM_read_bio_O_freeX509X509_free$E_dupErrorL_sk_findL_sk_pushLastO_ctrlO_newO_s_fileO_snprintfR_clear_errorR_endR_readX509_get_subject_name_errno_stat64i32
                                                                                                                                                                                                                              • String ID: %s/%s$..\s\ssl\ssl_cert.c$SSL_add_dir_cert_subjects_to_stack$SSL_add_file_cert_subjects_to_stack$calling OPENSSL_dir_read(%s)
                                                                                                                                                                                                                              • API String ID: 2506108043-502574948
                                                                                                                                                                                                                              • Opcode ID: bf26698f68f94d39b300660ea73b86fac77f59ff2e664e9868de496b416831d8
                                                                                                                                                                                                                              • Instruction ID: 4eef7cd95efa8c7d37bf0d9a089d8a716ec35d2074935f9712fa45c84ef847dd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bf26698f68f94d39b300660ea73b86fac77f59ff2e664e9868de496b416831d8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4917F66B1C68246F758AB21A871FBE2360EF85BC4F4050B1EA6D477DEEF7CE4418610
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • EVP_MD_CTX_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBB84
                                                                                                                                                                                                                              • EVP_MD_CTX_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBB8C
                                                                                                                                                                                                                              • memset.VCRUNTIME140(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBBED
                                                                                                                                                                                                                              • EVP_DigestInit_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBC01
                                                                                                                                                                                                                              • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBC19
                                                                                                                                                                                                                              • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBC38
                                                                                                                                                                                                                              • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBC55
                                                                                                                                                                                                                              • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBC72
                                                                                                                                                                                                                              • EVP_DigestFinal_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBC8A
                                                                                                                                                                                                                              • EVP_DigestInit_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBCA2
                                                                                                                                                                                                                              • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBCC1
                                                                                                                                                                                                                              • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBCDC
                                                                                                                                                                                                                              • EVP_DigestFinal_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBCFB
                                                                                                                                                                                                                              • OPENSSL_cleanse.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBD1E
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBD30
                                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBD48
                                                                                                                                                                                                                              • EVP_DigestFinal_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBD5A
                                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBD71
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBD78
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBD84
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBD90
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBD9C
                                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBDB4
                                                                                                                                                                                                                              • EVP_MD_CTX_free.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBDD1
                                                                                                                                                                                                                              • EVP_MD_CTX_free.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FFDFACEC4CB), ref: 00007FFDFACEBDD9
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Digest$Update$R_new$Final_ex$Init_exR_set_debugX_freeX_new$L_cleansememcpymemset
                                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_enc.c$A$ssl3_generate_key_block
                                                                                                                                                                                                                              • API String ID: 4105275626-2069633906
                                                                                                                                                                                                                              • Opcode ID: 34e0a61e655ada4f4226dcad9472c4ed9de1b98392119ba613fc4c37797a3014
                                                                                                                                                                                                                              • Instruction ID: 82c911e61cbc06131c31bf789ef1a1409904a03bf4c04947f0344a05e03dd495
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34e0a61e655ada4f4226dcad9472c4ed9de1b98392119ba613fc4c37797a3014
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A71D656B0864245FB58A712D8A0EFE2290FF85BC4F445071ED6E8B7DEEE7CE9418B40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_certificate$ssl_set_cert
                                                                                                                                                                                                                              • API String ID: 1552677711-1118281239
                                                                                                                                                                                                                              • Opcode ID: c4c6de47d5527ed7328ba4f1b9b3bf33f4b36e2ab72b7472a780cc07d133737a
                                                                                                                                                                                                                              • Instruction ID: f193e91821686d5343b6f51710f850a16c9e5c8ad28451641940f9ae119b202c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c4c6de47d5527ed7328ba4f1b9b3bf33f4b36e2ab72b7472a780cc07d133737a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52619566F1898285EB48DB25E861EBD6360EB99BC4F540071EA1D43BDEFE6CD941C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Digest$Update$Final_exX_copy_exX_freeX_get0_mdmemcpy$D_get_sizeR_get_modeX_get0_cipherX_new
                                                                                                                                                                                                                              • String ID: 666666666666666666666666666666666666666666666666\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                                                                                                                                                                                              • API String ID: 1783088893-2009547811
                                                                                                                                                                                                                              • Opcode ID: a46b84821207261290633b27b6e15e2baca2b6e84e9f24fd3b904ddf50559d1b
                                                                                                                                                                                                                              • Instruction ID: 07ea15bc7a4124dcb4fe4c2b418ee70b135a530987446e519b0bd123a60a9cca
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a46b84821207261290633b27b6e15e2baca2b6e84e9f24fd3b904ddf50559d1b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7381D456B086C245EB189766ACA5ABA6BD0EF85BC4F0400B1ED6E477DEFE2CE041C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Digest$Update$Final_exInit_ex$L_cleanseR_newR_set_debugX_freeX_new
                                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_enc.c$ssl3_generate_master_secret
                                                                                                                                                                                                                              • API String ID: 284231625-143700668
                                                                                                                                                                                                                              • Opcode ID: a7325df7653869efc76bb9be2c480e1dc31f34f4602143989c0c190b8024785e
                                                                                                                                                                                                                              • Instruction ID: a4f0d15db1e0c9eabc9d882cfef99a42dcd5f355470a5840af89afa4b52c5ded
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7325df7653869efc76bb9be2c480e1dc31f34f4602143989c0c190b8024785e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1351B266B1C28345EB28AB26EDA1FBE6291FF45BC4F404070DE5D477CAEE2CE9418740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              • Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_errorX509_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_certificate_file
                                                                                                                                                                                                                              • API String ID: 2680622528-1162081224
                                                                                                                                                                                                                              • Opcode ID: cd7ab021bae6cac9a4b447c5489dc88874867dd36a8577e881482a3f5d7a7191
                                                                                                                                                                                                                              • Instruction ID: 74c84a6505398932870743b4d6065454d961e4be5288214dcd044a5c4571f208
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd7ab021bae6cac9a4b447c5489dc88874867dd36a8577e881482a3f5d7a7191
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82418E66F0C64285FB18AB51EC61DBD22A1EF84794F5440B2E92D037DEFEBCE9468740
Memory Dump Source
• Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
• Associated: 00000002.00000002.2038867362.00007FFDFACE0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038889738.00007FFDFAD62000.00000020.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2038977136.00007FFDFAD64000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039012771.00007FFDFAD8C000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD91000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD97000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2039036679.00007FFDFAD9F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_new$R_set_debug$ErrorLastM_freeR_clear_errorR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem.c$state_machine
                                                                                                                                                                                                                              • API String ID: 1370845099-1722249466
                                                                                                                                                                                                                              • Opcode ID: 9309f1701a42d567f2b256d78ef444061abe5330f80f315c89d8de48205de333
                                                                                                                                                                                                                              • Instruction ID: 39e35dfde1ce1f8437615f894ebc6535effd5b2e6acd43320a0ef0f6d2dc79cd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9309f1701a42d567f2b256d78ef444061abe5330f80f315c89d8de48205de333
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0CA17B62F0834285FBA89B25DCA0FF822D5EF50B84F5444B1DA2D476CEEE7CE9818351
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_indentO_printf
                                                                                                                                                                                                                              • String ID: %s (0x%02X)$%s=0x%x (%s)$UNKNOWN$cipher_suites (len=%d)$client_version$compression_methods (len=%d)$cookie$session_id${0x%02X, 0x%02X} %s
                                                                                                                                                                                                                              • API String ID: 1860387303-676829095
                                                                                                                                                                                                                              • Opcode ID: b4e2bb30b7b02d4a7fa67aa01bb3a579f1fb2c961d8ba72e801881dc6a812edb
                                                                                                                                                                                                                              • Instruction ID: 9dbd943d598666c1ad4cabc50496530c1386ca61a4aa757ec253396fb862c34f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4e2bb30b7b02d4a7fa67aa01bb3a579f1fb2c961d8ba72e801881dc6a812edb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F91F726B0869295FB689B11AC24AAE67A2FB45BD0F544171DEBD03BDDEF7CE101C700
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_key_share
                                                                                                                                                                                                                              • API String ID: 193678381-166674739
                                                                                                                                                                                                                              • Opcode ID: 3d54f432a21c69ec89392fa1055242ed499851da1c9f716241028e5d558cc84c
                                                                                                                                                                                                                              • Instruction ID: 4f270a1885c1b2604840d9a6ed4ca634e8824058ce5dbece949bfdd0fb4af64d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d54f432a21c69ec89392fa1055242ed499851da1c9f716241028e5d558cc84c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3691B462F0A79245F7689B21DC24EFA6290EF50784F044172DDAE47ADEEF7CE9818740
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_new$D_get_sizeR_set_debugY_get_size
                                                                                                                                                                                                                              • String ID: ..\s\ssl\t1_lib.c$gfffffff$gfffffff$gfffffff$tls_choose_sigalg
                                                                                                                                                                                                                              • API String ID: 2573607796-412855087
                                                                                                                                                                                                                              • Opcode ID: b198b4625512f69120fe775bf1e9d44d2f16eaf42a8285a28851fdf0479b8d3e
                                                                                                                                                                                                                              • Instruction ID: 0294d0f36bfa582c7db77481732af695cf2a16b25c4c024e1868c37baa6f0ad5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b198b4625512f69120fe775bf1e9d44d2f16eaf42a8285a28851fdf0479b8d3e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01C10326B0864696FB2D9B16A960AB92691FF80B9CF444171DE3D437D9EF3CF8528301
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_new$i2d_$L_sk_numR_set_debugX509_$L_sk_value
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_status_request
                                                                                                                                                                                                                              • API String ID: 3024451675-148121689
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newX_ctrl$R_get_flagsR_set_debugX_get0_cipher$O_test_flags
                                                                                                                                                                                                                              • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_write_bytes
                                                                                                                                                                                                                              • API String ID: 2309317691-176253594
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug$L_sk_numL_sk_valueO_new
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_lib.c$No ciphers enabled for max supported SSL/TLS version$The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers$tls_setup_handshake
                                                                                                                                                                                                                              • API String ID: 2488525820-2497654048
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_next$O_free_allO_int_ctrlO_newO_s_socketO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_set_fd
                                                                                                                                                                                                                              • API String ID: 2935861444-3152457077
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: E_dupL_sk_new_reserveL_sk_numL_sk_pushL_sk_valueR_newR_set_debugR_set_errorX509_
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_cert.c$SSL_dup_CA_list
                                                                                                                                                                                                                              • API String ID: 876855465-3127325357
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_clnt.c$No groups enabled for max supported SSL/TLS version$tls_construct_ctos_supported_groups
                                                                                                                                                                                                                              • API String ID: 193678381-1756869798
                                                                                                                                                                                                                              • Opcode ID: bde02f0962528dc0103f7043ecc4e5bcf07b5367a5abc03eade461fd0d1deccf
                                                                                                                                                                                                                              • Instruction ID: 2cc43a102211570acd83f95262e19d70eaa29389b5a0639a1dbb082402f33c77
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bde02f0962528dc0103f7043ecc4e5bcf07b5367a5abc03eade461fd0d1deccf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65719065B1C74282E7689711E960EFA6294FF90780F5040B1EE6D87ADDEF7DE981C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_new$R_set_debug$memcmp
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_renegotiate
                                                                                                                                                                                                                              • API String ID: 4071200903-1100612425
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Unicode_$CompareString$With$DeallocErr_Ready
                                                                                                                                                                                                                              • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                              • API String ID: 1067165228-3528878251
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_puts$O_indentO_printfX509X509_freed2i_
                                                                                                                                                                                                                              • String ID: ------details-----$------------------$<TRAILING GARBAGE AFTER CERTIFICATE>$<UNPARSEABLE CERTIFICATE>$ASN.1Cert, length=%d
                                                                                                                                                                                                                              • API String ID: 4063798575-1858050172
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_indentO_printf$O_puts
                                                                                                                                                                                                                              • String ID: %02X$%s (len=%d): $Random:$gmt_unix_time=0x%08X$random_bytes
                                                                                                                                                                                                                              • API String ID: 4010264686-1582741163
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_indentO_printf
                                                                                                                                                                                                                              • String ID: %s=0x%x (%s)$UNKNOWN$cipher_suite {0x%02X, 0x%02X} %s$compression_method: %s (0x%02X)$server_version$session_id
                                                                                                                                                                                                                              • API String ID: 1860387303-3448146522
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Module_$Dealloc$ObjectObject_$Capsule_ConstantFromMallocMem_SpecStringTrackTypeType_
                                                                                                                                                                                                                              • String ID: 14.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                                              • API String ID: 288921926-1430584071
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • BN_bin2bn.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FFDFAD46C91), ref: 00007FFDFAD49C1C
                                                                                                                                                                                                                              • BN_bin2bn.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FFDFAD46C91), ref: 00007FFDFAD49C39
                                                                                                                                                                                                                              • BN_bin2bn.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FFDFAD46C91), ref: 00007FFDFAD49C56
                                                                                                                                                                                                                              • BN_bin2bn.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FFDFAD46C91), ref: 00007FFDFAD49C6F
                                                                                                                                                                                                                              • X509_get0_pubkey.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FFDFAD46C91), ref: 00007FFDFAD49CA7
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FFDFAD46C91), ref: 00007FFDFAD49CD0
                                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FFDFAD46C91), ref: 00007FFDFAD49CE8
                                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FFDFAD46C91), ref: 00007FFDFAD49D06
                                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FFDFAD46C91), ref: 00007FFDFAD49D1E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: N_bin2bn$R_newR_set_debug$X509_get0_pubkey
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_ske_srp
                                                                                                                                                                                                                              • API String ID: 589648786-2175212704
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                                              • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                              • API String ID: 1723213316-3528878251
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: L_sk_numL_sk_valueR_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_use_srtp
                                                                                                                                                                                                                              • API String ID: 2660725122-2269544924
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug$R_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_key_update
                                                                                                                                                                                                                              • API String ID: 3782669924-3423994419
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error$X509_freeX509_new_ex
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_certificate_ASN1
                                                                                                                                                                                                                              • API String ID: 756758628-2599344068
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug$DigestO_writeUpdate
                                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_enc.c$ssl3_finish_mac
                                                                                                                                                                                                                              • API String ID: 756221159-923099695
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_Unicode_$ArgumentCheckDigitErr_PositionalReadyString
                                                                                                                                                                                                                              • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                                              • API String ID: 3305933226-4278345224
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_f_bufferO_int_ctrlO_newO_push
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$ssl_init_wbio_buffer
                                                                                                                                                                                                                              • API String ID: 1655923927-1860519770
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 349153199-0
                                                                                                                                                                                                                              • Opcode ID: 5ae4ae1fad975d5487a8dd9099fd26104a61e4c8513e68d9fc499fd676c40ec1
                                                                                                                                                                                                                              • Instruction ID: a24970aa73ba91fefbc77272687696f80316d0987095b7d2c86fc692354f1a33
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5ae4ae1fad975d5487a8dd9099fd26104a61e4c8513e68d9fc499fd676c40ec1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6081BC21F0C24386FB5CBB669461EB96790AF85B80FC681B5E96D473DEDE2CE945C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: L_sk_num$L_sk_pop_freeL_sk_valueR_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_cert.c$ssl_cert_set0_chain
                                                                                                                                                                                                                              • API String ID: 4258318168-2020944375
                                                                                                                                                                                                                              • Opcode ID: 676b04d5c561caa46ed3cbe1cbb091fc7719fb62007114da1707f81ac96fb9bf
                                                                                                                                                                                                                              • Instruction ID: ff75f6811993e26cd475b7a30aaedeb911f7109898a7a6db566743379c08cbfb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 676b04d5c561caa46ed3cbe1cbb091fc7719fb62007114da1707f81ac96fb9bf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2321D526B1868556E758DB16E96196E6350FF44BD0F100071EE6D47BEEEE7CD4418700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Unicode_$Arg_$ArgumentCompareReadyStringWith$CheckPositionalSubtypeType_
                                                                                                                                                                                                                              • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                                              • API String ID: 3621440800-1320425463
                                                                                                                                                                                                                              • Opcode ID: 94348148c340fa5468beab9ef1746397c69e42e894d14843631ab3fa4ea44381
                                                                                                                                                                                                                              • Instruction ID: ee9d23391437eacf4d8c6e3cb4bd286009e029fe256f124cd937e522f581876b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94348148c340fa5468beab9ef1746397c69e42e894d14843631ab3fa4ea44381
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9219671B0C68391E7188B25E468D786360EF44B98FDA42B2C97E476ECCF2CD446D300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_$ArgumentReadyUnicode_$CheckPositional
                                                                                                                                                                                                                              • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                                              • API String ID: 396090033-184702317
                                                                                                                                                                                                                              • Opcode ID: 083d934e8de19c9f3ecc87de63ad9be438488cb32d0c3822875fb99c87d5c9cf
                                                                                                                                                                                                                              • Instruction ID: 5efa7a599c6ca8f3e720a39a20a5f56bb4d5163e82f997607567f7b41cf467d5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 083d934e8de19c9f3ecc87de63ad9be438488cb32d0c3822875fb99c87d5c9cf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C217421B0CAC785EB188B15E868E792750AF44B98FD642B1D97E476ECCF2CD64AC300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(WideCharToMultiByte,00007FF7F77E1CE4,?,?,00000000,00007FF7F77E6904), ref: 00007FF7F77E6697
                                                                                                                                                                                                                              • FormatMessageW.KERNEL32 ref: 00007FF7F77E66C6
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32 ref: 00007FF7F77E671C
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7F77E6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77E1023), ref: 00007FF7F77E1CD7
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                              • API String ID: 2383786077-2573406579
                                                                                                                                                                                                                              • Opcode ID: ee4750cad08e904e569e44cd6da303e01fcfffc44399732fd87d74f29f2688a4
                                                                                                                                                                                                                              • Instruction ID: dad51fb06a2eae63a8fc941e87001a890d0964a77362eb5d522bc1d711279eab
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee4750cad08e904e569e44cd6da303e01fcfffc44399732fd87d74f29f2688a4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06218639A38A4281F760AF14E8446BAA7A5FF48345FC40135D96D826E4EF3CD15BC7B1
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_freeO_new
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4227620691-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: f$f$p$p$f
                                                                                                                                                                                                                              • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions.c$tls_construct_extensions
                                                                                                                                                                                                                              • API String ID: 193678381-3223585116
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Digest$Final_exInit_ex$UpdateX_freeX_new
                                                                                                                                                                                                                              • String ID: exporter
                                                                                                                                                                                                                              • API String ID: 3991325671-111224270
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: L_sk_pushR_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_ciph.c$P$ciphersuite_cb
                                                                                                                                                                                                                              • API String ID: 69574139-2656695495
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Digest$Final_exInit_ex$UpdateX_freeX_new
                                                                                                                                                                                                                              • String ID: exporter
                                                                                                                                                                                                                              • API String ID: 3991325671-111224270
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_psk
                                                                                                                                                                                                                              • API String ID: 193678381-1931443905
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug$R_set_error$Y_freeY_get_security_bits
                                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                              • API String ID: 3247900180-780421027
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_check_private_key
                                                                                                                                                                                                                              • API String ID: 1552677711-2096838628
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_set_flags$O_set_retry_reason$O_clear_flagsO_get_retry_reason
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3610643084-0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                                              • API String ID: 849930591-393685449
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                                                                                                                                                                                              • String ID: a unicode character$argument$category
                                                                                                                                                                                                                              • API String ID: 2803103377-2068800536
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,00000000,?,00007FF7F77FE2CA,?,?,0000026AEFB1DD58,00007FF7F77FA383,?,?,?,00007FF7F77FA27A,?,?,?,00007FF7F77F54E2), ref: 00007FF7F77FE0AC
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00000000,?,00007FF7F77FE2CA,?,?,0000026AEFB1DD58,00007FF7F77FA383,?,?,?,00007FF7F77FA27A,?,?,?,00007FF7F77F54E2), ref: 00007FF7F77FE0B8
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                              • API String ID: 3013587201-537541572
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                                                                                                                                                                                              • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                              • API String ID: 2803103377-2110215792
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7F77E1023), ref: 00007FF7F77E685F
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7F77E1023), ref: 00007FF7F77E68AF
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                              • API String ID: 626452242-27947307
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FromStringUnicode_$S_snprintfSizeSubtypeType_memcpy
                                                                                                                                                                                                                              • String ID: $%04X
                                                                                                                                                                                                                              • API String ID: 762632776-4013080060
                                                                                                                                                                                                                              • Opcode ID: efaac3812b1e45b0806d1ffd24ca6100d0016fb643bf3bb04f79384b0d54b902
                                                                                                                                                                                                                              • Instruction ID: 7382069f09b541e156e4139fe51a28e4e9469c1fe295c78b7ac642efade7fb8c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: efaac3812b1e45b0806d1ffd24ca6100d0016fb643bf3bb04f79384b0d54b902
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9131A272B08A8141EB298B15D868FB973A1FF45B98F9A0375DA7E476C8DF2CE545C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_new$R_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\record\ssl3_record.c$early_data_count_ok
                                                                                                                                                                                                                              • API String ID: 476316267-4150192623
                                                                                                                                                                                                                              • Opcode ID: 6cb97c6961251a89484269029ec51c332126babd2e5c3be1ef145e2ddc315883
                                                                                                                                                                                                                              • Instruction ID: 62db554eaa3b7d545488b8ee5bf9f7eb5c12c1d1cd54264760fb3c6b61058e0f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6cb97c6961251a89484269029ec51c332126babd2e5c3be1ef145e2ddc315883
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8131C432F1954287E75C9B24E860FBD22D0EB94788F544075EA2D476D9EF3CEA81C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug$memcpy
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$dtls_process_hello_verify
                                                                                                                                                                                                                              • API String ID: 31086664-1847652839
                                                                                                                                                                                                                              • Opcode ID: 59dc40c8b9f6f8dad156ed3502b33ad2769f9ad965acea84c7853b3f16959336
                                                                                                                                                                                                                              • Instruction ID: b8cc4cde724861f68e7482976efcd4dd4026ffb6b20ad0e0a66d9ea46794bb80
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 59dc40c8b9f6f8dad156ed3502b33ad2769f9ad965acea84c7853b3f16959336
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5521E3A2F08B4581E7189B24ED206B96350FF5CB90F448271DAAD477DAEF2CD6D1C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00007FF7F77E2D35,?,?,?,?,?,?), ref: 00007FF7F77E6F01
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7F77E6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77E1023), ref: 00007FF7F77E1CD7
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00007FF7F77E2D35,?,?,?,?,?,?), ref: 00007FF7F77E6F75
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                              • API String ID: 1717984340-27947307
                                                                                                                                                                                                                              • Opcode ID: d869b65ad41923ea885775a182ffbbb4fa8a6a55f9429b012359a23964d7bd56
                                                                                                                                                                                                                              • Instruction ID: d2bed8a344f3977dbb9873f86dabf559be68575f92856db6e58274c349a1ea1b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d869b65ad41923ea885775a182ffbbb4fa8a6a55f9429b012359a23964d7bd56
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F121B429A28B0285E710EF55EC40079FBA1BF88B80F944535DE2D837E4EF3CE55683A0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugX_freeX_new_from_nameY_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_lib.c$ssl_generate_param_group
                                                                                                                                                                                                                              • API String ID: 2173273376-2643799583
                                                                                                                                                                                                                              • Opcode ID: 42a940f9a57f88b714a761e6819d1fda585a0eb079e9ac90abb7b9d1ece59025
                                                                                                                                                                                                                              • Instruction ID: 041fd1df22c8a7597a709e088a04043814b32befffe1c514638fe9b67b737cef
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 42a940f9a57f88b714a761e6819d1fda585a0eb079e9ac90abb7b9d1ece59025
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52217126B1974681F748EB16E8A1AAE5390EF85BC4F441071FD6E477DEEF6CD8408380
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_errorY_freeY_up_ref
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_rsa.c$ssl_set_pkey
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_next$O_free_allO_int_ctrlO_newO_s_socketO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_set_fd
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_errorY_freeY_get_security_bits
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_set0_tmp_dh_pkey
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: L_sk_num$L_sk_findL_sk_valueL_strnlenmemcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4139299733-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_ctrlR_newR_set_debugmemcpy
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_dtls.c$dtls1_retransmit_message
                                                                                                                                                                                                                              • API String ID: 152836652-3409696843
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                              • API String ID: 626452242-876015163
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_status_request
                                                                                                                                                                                                                              • API String ID: 193678381-3916275234
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E6DB0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7F77E6DEA
                                                                                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7F77E592F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7F77E563F
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7F77E569A
                                                                                                                                                                                                                              • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7F77E5616
                                                                                                                                                                                                                              • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7F77E5653
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                                                                                                                              • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                              • API String ID: 2001182103-3498232454
                                                                                                                                                                                                                              • Opcode ID: a1120828b3476f260000b83a15022e52e527ac597b894c2c5ce775141fa959ef
                                                                                                                                                                                                                              • Instruction ID: dad1b904f98662d2f6e4db489f70ead4629b7c5bb333d76f449e3f7c2e851252
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a1120828b3476f260000b83a15022e52e527ac597b894c2c5ce775141fa959ef
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C31AB59B3874681FB20B725D9512FAD291AF9C7C0FC40435DE2E827D6ED3CE11686B1
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_ec_pt_formats
                                                                                                                                                                                                                              • API String ID: 193678381-302162076
                                                                                                                                                                                                                              • Opcode ID: 214b80f7f612d99bc179a5f8a15b060632c6ba0de4cac636b4789a1ca6fc005e
                                                                                                                                                                                                                              • Instruction ID: 61d6e57c7e38233026da848aca6f1309a818c6c1b6ab41aae643fc4a24d9734f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 214b80f7f612d99bc179a5f8a15b060632c6ba0de4cac636b4789a1ca6fc005e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D931A366B0864241E728A712E921AEE6350EF94BC4F444071EE6D47BCEEE6CE981C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7F77E6DEA
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77E1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7F77E6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7F77E1023), ref: 00007FF7F77E1CD7
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7F77E6E70
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                              • API String ID: 1717984340-876015163
                                                                                                                                                                                                                              • Opcode ID: 7f54e5da8ee4cb54e1cd0e604769d215f15cea2374718bc11fd99751b49c0007
                                                                                                                                                                                                                              • Instruction ID: 03fcc604af8ca313f9eb0538f1d6f6e9b84e73c2f38c7afd11b38abf9c0f3ad3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f54e5da8ee4cb54e1cd0e604769d215f15cea2374718bc11fd99751b49c0007
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1216926B18A4181EB50EB19F40116AE7A1FF887C4F984531DF6C837E9EE3DD5528750
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Digest$Update$Final_exInitX_freeX_new
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3927069315-0
                                                                                                                                                                                                                              • Opcode ID: 3583035346c7cd232aab5c19eb5d55da73f0edce0933137d407b6799218f8909
                                                                                                                                                                                                                              • Instruction ID: ea87530a3ea3dbc3ae2ca14fca5d77255ca945c968c10bb2e4b99e0562133415
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3583035346c7cd232aab5c19eb5d55da73f0edce0933137d407b6799218f8909
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C217122B0974245EB58A716A9B16FE5291EF49FC4F440071FE6E4B7DEEE6CE8818700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: C_get_current_jobR_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_do_handshake
                                                                                                                                                                                                                              • API String ID: 2134390360-2964568172
                                                                                                                                                                                                                              • Opcode ID: c91630741219631a69d9c5f3432363629406958cc77146902cc34db31b5e4eda
                                                                                                                                                                                                                              • Instruction ID: 82cb842fd9a3390ca59c8465f272f5f48c155b95a8c227cdcda19dc04f1d5db0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c91630741219631a69d9c5f3432363629406958cc77146902cc34db31b5e4eda
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5321C727F0878241E758DB35E861AAD2361EF98B84F580171EA6D077CEEF3CE5918650
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_lib.c$ssl3_output_cert_chain
                                                                                                                                                                                                                              • API String ID: 193678381-603691555
                                                                                                                                                                                                                              • Opcode ID: 914e99578b8a2340feb2187fde4d968e6669396d9b48054cc406757e69d5e224
                                                                                                                                                                                                                              • Instruction ID: 1dcee6df5d07da0085f8b5381cc8628912d620d227dd9b9f98053c90e193ec6d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 914e99578b8a2340feb2187fde4d968e6669396d9b48054cc406757e69d5e224
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03218321F1C68245E7989721FD61EBD1250EF94BC0F4440B1EE6D87BCEEE2CD9918700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA78F
                                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA7A4
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA7C5
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA7F2
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA803
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA814
                                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F,?,?,?,00007FF7F77F9473), ref: 00007FF7F77FA82F
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                                              • Opcode ID: 78cf2455f8789f49a255dc6ffb64301edc27073bb37ec47cc96fd54928eaf598
                                                                                                                                                                                                                              • Instruction ID: 5aca19d1685103e40434e3e193918f3270211891d167a886057f225e8ee48fcc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 78cf2455f8789f49a255dc6ffb64301edc27073bb37ec47cc96fd54928eaf598
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F21BA28E2C60241FB69733067419B9E5925F8E7B0F854635EC3E47ACADEACA40342F1
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$ssl_peek_internal
                                                                                                                                                                                                                              • API String ID: 1552677711-1363730714
                                                                                                                                                                                                                              • Opcode ID: 3bca421143e6903208f4b76cd5e3fc67da27b4d2d9bbfcdf774d270b5de6ef08
                                                                                                                                                                                                                              • Instruction ID: eacabc38019db45da7c85508173e1b0e4ba62732f8ee2322dbe284a37ff11d8a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3bca421143e6903208f4b76cd5e3fc67da27b4d2d9bbfcdf774d270b5de6ef08
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55218132B08B9581E7189B15E860AAE73A0FB54BC4F584175EEAD07BDDEF3CE551C600
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                                              • API String ID: 3545102714-4190364640
                                                                                                                                                                                                                              • Opcode ID: 98823aa8ffd1578c5263bbca0bedab94c0d76701b0ad0a7228cb953a239c43b9
                                                                                                                                                                                                                              • Instruction ID: 0f7b5c3172e1a1cc339868eed7a0c6623ed2349f6b790c3537795a2a3a98b1aa
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98823aa8ffd1578c5263bbca0bedab94c0d76701b0ad0a7228cb953a239c43b9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9218131B0CA8285EB589F12E568EA97364EB44B88FC941B1DA6D477DDCF2DE945C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                              • API String ID: 3545102714-2474051849
                                                                                                                                                                                                                              • Opcode ID: f4a4db4005ce5b44fbbedd951a978a9de4f901ebc22dc2e68f9535657243f817
                                                                                                                                                                                                                              • Instruction ID: 0db5256cd8a72aad38ed81ddc0377b31a26bd9ee9d3465f2c6918c7bec568657
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4a4db4005ce5b44fbbedd951a978a9de4f901ebc22dc2e68f9535657243f817
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF218E31B1CA4285EB589B12E465DA97360FBC4B88FC94171DA6D477DDCF2CE646C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                              • API String ID: 3545102714-2385192657
                                                                                                                                                                                                                              • Opcode ID: 9cf334a25039c3b0788d85340cb18b310c84a749129293f830eaee71995b6e63
                                                                                                                                                                                                                              • Instruction ID: bf41baa15b24ca458ff26de9ca9cc572d35580f33363c5c71e6795e121c589ff
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9cf334a25039c3b0788d85340cb18b310c84a749129293f830eaee71995b6e63
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D421A131B08A8685EB589F12E464EA92360FB44B88FD941B1DA6D437ECCF2CE955C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions.c$final_renegotiate
                                                                                                                                                                                                                              • API String ID: 193678381-1135624566
                                                                                                                                                                                                                              • Opcode ID: 038bf7430b83414ac5f2a60801b6f54f255aecb88158a2eaec95641cdd97efe0
                                                                                                                                                                                                                              • Instruction ID: 8283a6f3c5b0e572e447cc833e392ca330521477d219b798c7c52c44c175af31
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 038bf7430b83414ac5f2a60801b6f54f255aecb88158a2eaec95641cdd97efe0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BD11C162F1914286FB5D9754EC66FE82290EFA0740F8040B1DD2D4B6DAFE6CAEC2C610
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                              • Opcode ID: 900c1da012dee1dfb60ea43974335527b3f6c3b56b4e810762f126343bdfd55c
                                                                                                                                                                                                                              • Instruction ID: a757f033f7aa7a51a733a01f6549a9b65a7b69d9fa92861d297062f46de04da7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 900c1da012dee1dfb60ea43974335527b3f6c3b56b4e810762f126343bdfd55c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31119626728A4186E7509B52E854729AAE0FB48BE5F844234D92E477D4CF7CD4258790
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_set1_id
                                                                                                                                                                                                                              • API String ID: 1331007688-2576049543
                                                                                                                                                                                                                              • Opcode ID: 762f2e1e1e19e6e1fb59f1e05661a34aa17481e2689df007173984e0b618aad8
                                                                                                                                                                                                                              • Instruction ID: 4a44acd96569b1cf5351a5b7b28516385a2244dc2e666078f775621c4ac250b7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 762f2e1e1e19e6e1fb59f1e05661a34aa17481e2689df007173984e0b618aad8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6EF0825AF2945246F7ACB364DC7AFBC1150EF90340FD444B1E02D03ADEFD5C6A468601
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_set1_id_context
                                                                                                                                                                                                                              • API String ID: 1331007688-3187944184
                                                                                                                                                                                                                              • Opcode ID: e5b6be9ce2ef3951e7199fba595092d61ff35a413a7a31c12d1b16be28cc301a
                                                                                                                                                                                                                              • Instruction ID: 8776f23059a7ed0e07e4ead926ace9019d5487773f5b11e5fef1b907fc02dad1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5b6be9ce2ef3951e7199fba595092d61ff35a413a7a31c12d1b16be28cc301a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0F05E69F2906645F7ACB7649D7AFA92150EF50340FD040B1E16D03ADEFD9C69864601
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_set_session_id_context
                                                                                                                                                                                                                              • API String ID: 1331007688-2523474329
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF7F77F6091,?,?,?,?,00007FF7F77FDF1F,?,?,00000000,00007FF7F77FAA16,?,?,?), ref: 00007FF7F77FA907
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F77F6091,?,?,?,?,00007FF7F77FDF1F,?,?,00000000,00007FF7F77FAA16,?,?,?), ref: 00007FF7F77FA93D
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F77F6091,?,?,?,?,00007FF7F77FDF1F,?,?,00000000,00007FF7F77FAA16,?,?,?), ref: 00007FF7F77FA96A
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F77F6091,?,?,?,?,00007FF7F77FDF1F,?,?,00000000,00007FF7F77FAA16,?,?,?), ref: 00007FF7F77FA97B
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF7F77F6091,?,?,?,?,00007FF7F77FDF1F,?,?,00000000,00007FF7F77FAA16,?,?,?), ref: 00007FF7F77FA98C
                                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF7F77F6091,?,?,?,?,00007FF7F77FDF1F,?,?,00000000,00007FF7F77FAA16,?,?,?), ref: 00007FF7F77FA9A7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                                              • String ID: not a numeric character
                                                                                                                                                                                                                              • API String ID: 1034370217-2058156748
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_set_ct_validation_callback
                                                                                                                                                                                                                              • API String ID: 1552677711-4238296029
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_ctrlR_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\d1_lib.c$dtls1_check_timeout_num
                                                                                                                                                                                                                              • API String ID: 2442628283-2777391390
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                                              • String ID: not a decimal
                                                                                                                                                                                                                              • API String ID: 3750391552-3590249192
                                                                                                                                                                                                                              • Opcode ID: 456184b784fa7efc8fe9d8897fb77cbbb081413c450d27b41a848b68105fcfc3
                                                                                                                                                                                                                              • Instruction ID: 0b6463ea20695578636efda9f5c9118e991724c467ab84fca868bf29631fd7d1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 456184b784fa7efc8fe9d8897fb77cbbb081413c450d27b41a848b68105fcfc3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E115421B1C94281EB188B16E468D3D6395BFC4B98FD645B0C96F876DCDF2CE545C300
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_set_ct_validation_callback
                                                                                                                                                                                                                              • API String ID: 1552677711-4243395191
                                                                                                                                                                                                                              • Opcode ID: 833e72798fae53e989be18b4bbba653845ad5a00cf0e6cd5ea979ffdc39eef82
                                                                                                                                                                                                                              • Instruction ID: 6f748419e108681342acf5d9668aeef40097beb47ac860d5cad1597b254ea1cf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 833e72798fae53e989be18b4bbba653845ad5a00cf0e6cd5ea979ffdc39eef82
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35019E36B2868141E788DB21F851EAD6360EF547C4F684071FA6D43BDEEF2CE8918700
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$RSA$ssl_log_rsa_client_key_exchange
                                                                                                                                                                                                                              • API String ID: 193678381-1475867426
                                                                                                                                                                                                                              • Opcode ID: 7283173fcef6759c8348005a7c0138e352bc9521dada6371206699b2f03634c4
                                                                                                                                                                                                                              • Instruction ID: 80c383baf497830e381a388900f404069847da508e9df0db684d4a0424a37b00
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7283173fcef6759c8348005a7c0138e352bc9521dada6371206699b2f03634c4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6CF0C261F1864682E718A761FC61DE92294FFA4780F444070D95C47BDEFE6CE291C700
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                                              • API String ID: 1875788646-3913127203
                                                                                                                                                                                                                              • Opcode ID: e1dea5a4efee597cabc79f5f4f9b1c361292688d97fad454cab5bbac9e71014d
                                                                                                                                                                                                                              • Instruction ID: ed6d082617f372d2a4313ee1ec59ef6151b3bd8df31cb5ba01ee801a2c90ad51
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1dea5a4efee597cabc79f5f4f9b1c361292688d97fad454cab5bbac9e71014d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6101AD60B0868381EB5C8B21A968DB92360EF46B98FC651B2D93E476DEDF2CD585C300
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                                                              • String ID: a unicode character$argument$decomposition
                                                                                                                                                                                                                              • API String ID: 1875788646-2471543666
                                                                                                                                                                                                                              • Opcode ID: ac2962689f343f1b3e1879047209e348276c37b5dff3c3435d3d8175ead54011
                                                                                                                                                                                                                              • Instruction ID: 80e5e592b1ef234bbed9541c7b1162cfb05b9999d644f6371367a021cf77622f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac2962689f343f1b3e1879047209e348276c37b5dff3c3435d3d8175ead54011
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6301A221B0C64381EB58CB11A868DB92360AF04B98FE51171D93F472DCDE3CD585C300
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                                              • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_read
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                              • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                              • Opcode ID: ad13ed55bfa56bdfb604f0a7537003d1c24469e83d093fb3ba2bee9aa2a07846
                                                                                                                                                                                                                              • Instruction ID: c756fc6529711b3cfe974c9a3d63166dc4803e622688268be33b973242d47b94
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad13ed55bfa56bdfb604f0a7537003d1c24469e83d093fb3ba2bee9aa2a07846
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CBE0EC56F2815256E358B774AC66DE91250EF60350FD040B1E51C43ADAEE6CA9868740
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                              • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                              • Opcode ID: b2d1405cb58b5c5623c5942482346337c1b790aa5a6a1e377cca11eeeae03d46
                                                                                                                                                                                                                              • Instruction ID: c756fc6529711b3cfe974c9a3d63166dc4803e622688268be33b973242d47b94
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2d1405cb58b5c5623c5942482346337c1b790aa5a6a1e377cca11eeeae03d46
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CBE0EC56F2815256E358B774AC66DE91250EF60350FD040B1E51C43ADAEE6CA9868740
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                              • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                              • Opcode ID: e5d4594d72a90c4b0a88b7a81742d8e3e940df2a3f5ae6a7e67ec0bc632beab9
                                                                                                                                                                                                                              • Instruction ID: c756fc6529711b3cfe974c9a3d63166dc4803e622688268be33b973242d47b94
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5d4594d72a90c4b0a88b7a81742d8e3e940df2a3f5ae6a7e67ec0bc632beab9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CBE0EC56F2815256E358B774AC66DE91250EF60350FD040B1E51C43ADAEE6CA9868740
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                              • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                              • Opcode ID: 65a5335adb7ccc48d9f4ade7c086427e4461d71b89b18bf355e8d4f3e0295113
                                                                                                                                                                                                                              • Instruction ID: c756fc6529711b3cfe974c9a3d63166dc4803e622688268be33b973242d47b94
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 65a5335adb7ccc48d9f4ade7c086427e4461d71b89b18bf355e8d4f3e0295113
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CBE0EC56F2815256E358B774AC66DE91250EF60350FD040B1E51C43ADAEE6CA9868740
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                              • API String ID: 1552677711-780421027
                                                                                                                                                                                                                              • Opcode ID: f37569fc868ba7783e70e09dc8272ee77bab95bbde8dc9a640cd8282b2e93219
                                                                                                                                                                                                                              • Instruction ID: bc4a8a37eab10d2b2c17bd718a63c29a7c66579bb48a229cdb9f63ec9358e6b1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f37569fc868ba7783e70e09dc8272ee77bab95bbde8dc9a640cd8282b2e93219
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 73E0EC5AF2C0429AE358A724EC61DB91220EF54384B9014B2E52D536DAEE6DE985C641
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                              • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F), ref: 00007FF7F77FA865
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F), ref: 00007FF7F77FA884
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F), ref: 00007FF7F77FA8AC
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F), ref: 00007FF7F77FA8BD
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7F78024B3,?,?,?,00007FF7F77FCCEC,?,?,00000000,00007FF7F77F386F), ref: 00007FF7F77FA8CE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_new$R_set_debugX_new$X_free
                                                                                                                                                                                                                              • String ID: ..\s\ssl\t1_enc.c$tls1_change_cipher_state
                                                                                                                                                                                                                              • API String ID: 1274617517-2635170098
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                                              • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client13_write_transition
                                                                                                                                                                                                                              • API String ID: 193678381-2379272181
                                                                                                                                                                                                                              • Opcode ID: 78c03381107161e6891b4a7d282f618feeb1984902041f35ffddb03e38dfa46b
                                                                                                                                                                                                                              • Instruction ID: d5f5b8ed8521f54a29ae792eaa163e6f50429ec6ce9d3666e0983f4db592f30d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 78c03381107161e6891b4a7d282f618feeb1984902041f35ffddb03e38dfa46b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DF02B62F1904246E3089764ECA5EF86350DF54744F1084B1ED2E876EAEE6CD6938700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_sig_algs
                                                                                                                                                                                                                              • API String ID: 193678381-4035473336
                                                                                                                                                                                                                              • Opcode ID: 0fc95b593a472a391077f9a7742681c5ba4d6ea753660da53609ad7e5b5eb1f9
                                                                                                                                                                                                                              • Instruction ID: 151f8bb74816564fc6e35f26714b638c7ee8689221acabf56f2147b9f8b16d71
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0fc95b593a472a391077f9a7742681c5ba4d6ea753660da53609ad7e5b5eb1f9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E317461B0828281FB589716EA61BFD6255EF94BC4F580071EE6D47BDAEE2CDDC28700
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_srp
                                                                                                                                                                                                                              • API String ID: 0-2342567248
                                                                                                                                                                                                                              • Opcode ID: 04ae37fe526f8988199cd749ce5ae6a507ea1990f9e2e9586ec364012d1aa6aa
                                                                                                                                                                                                                              • Instruction ID: 02623e49e15a2fd839002b9f3292c5fc847e60f8766e23a2f6e583a9c9779c5e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 04ae37fe526f8988199cd749ce5ae6a507ea1990f9e2e9586ec364012d1aa6aa
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12214151F1824341FB58AB26EE65FFA1250EF50BC0F5810B0D9AD4BACAED5DE8D18240
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_renegotiate
                                                                                                                                                                                                                              • API String ID: 0-2728901138
                                                                                                                                                                                                                              • Opcode ID: cf738bbd052664f1972163c08f32e3213573d88c1c7d60971618b95c7380825e
                                                                                                                                                                                                                              • Instruction ID: cb37e68321a666eb9c4490e392543ba99912e1c3703ec00571600a02b1d4f854
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf738bbd052664f1972163c08f32e3213573d88c1c7d60971618b95c7380825e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7213055F1824341FB9CA726A975FF95291EF90BC8F481070DE294BACAEE6DE9D1C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_next_proto_neg
                                                                                                                                                                                                                              • API String ID: 193678381-2301358877
                                                                                                                                                                                                                              • Opcode ID: 479410db84dfc08b3a3fbfc246bd02d1e11dedaa23e0862ac9f9c084813f645a
                                                                                                                                                                                                                              • Instruction ID: 325acb5d8332e90f62544988de6a0b5843c08292f690d892c7c54ce09425127e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 479410db84dfc08b3a3fbfc246bd02d1e11dedaa23e0862ac9f9c084813f645a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4221D766B0824286EB54CB15E961BED6360EF847C8F444171DE5C477DAEF3DDA81C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_maxfragmentlen
                                                                                                                                                                                                                              • API String ID: 193678381-2570358037
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_server_name
                                                                                                                                                                                                                              • API String ID: 193678381-1140354471
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_psk
                                                                                                                                                                                                                              • API String ID: 0-812599056
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions.c$final_ec_pt_formats
                                                                                                                                                                                                                              • API String ID: 193678381-2396170231
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON311(?,?,?,?,?,00007FFDFABC1EDC), ref: 00007FFDFABC3B6F
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFABC1FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFABC2008
                                                                                                                                                                                                                                • Part of subcall function 00007FFDFABC1FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFABC2026
                                                                                                                                                                                                                              • PyErr_Format.PYTHON311 ref: 00007FFDFABC1F53
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                                              • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                              • API String ID: 3882229318-4056717002
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_srvr.c$tls_construct_cert_status_body
                                                                                                                                                                                                                              • API String ID: 193678381-3528029177
                                                                                                                                                                                                                              • Opcode ID: d4832a875a2591345694a5c32de6f010ab870ddefbfa5f753833915883155bba
                                                                                                                                                                                                                              • Instruction ID: a35438b42f271423274e35292166494ec8189adbc6a3b4dcfaeec20778aeb3bb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4832a875a2591345694a5c32de6f010ab870ddefbfa5f753833915883155bba
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2101B56AF1824285E7589726EDA1FFD1354EF44BC4F840071ED2D4BBCAEE5CE9818740
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_printf
                                                                                                                                                                                                                              • String ID: %02X$%s (len=%d):
                                                                                                                                                                                                                              • API String ID: 601296420-4138326432
                                                                                                                                                                                                                              • Opcode ID: b1cb416e2851fcbc60b331d1da5903dd760c6e579c2d8ee3c5d157f5ed3d965a
                                                                                                                                                                                                                              • Instruction ID: c2f6e8d62656a9b3ace23f16b54cd3d92f9b7be63efe5d275e5271d522274d7a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1cb416e2851fcbc60b331d1da5903dd760c6e579c2d8ee3c5d157f5ed3d965a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F018426B1975285E708AB56B9608A8A721EB44FC0F485071EE9D07BDEEFACD542CB00
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_lib.c$tls_construct_key_update
                                                                                                                                                                                                                              • API String ID: 193678381-4067644432
                                                                                                                                                                                                                              • Opcode ID: 8db60c85965691e7f6c63b2c68791f8f38c483b493a0c8dbaf0a587cdf3cbeaa
                                                                                                                                                                                                                              • Instruction ID: 42eecdc4930ddc1d2ae8882651b48805fa64997797f1aa02cfb2c1605b3ff4e4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8db60c85965691e7f6c63b2c68791f8f38c483b493a0c8dbaf0a587cdf3cbeaa
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BBF024A1F1914246FB6CA765AC65FF82240DF54794F444071ED2C473CAFF6CAA918700
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_lib.c$tls_construct_change_cipher_spec
                                                                                                                                                                                                                              • API String ID: 193678381-1954653785
                                                                                                                                                                                                                              • Opcode ID: 67da6c88f9a5e0e8ea380c606c4c1c9e185533fa094ec222dce6f684db2fd5bc
                                                                                                                                                                                                                              • Instruction ID: b362349fcdea99b9d094164e4d57d4be6b55099dd8d107ca5d614fc6ca8c72e6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67da6c88f9a5e0e8ea380c606c4c1c9e185533fa094ec222dce6f684db2fd5bc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 04F08295F1810256F76DA361AC65FF80140DFA8B80F4440B1EC2C877DAFE5CAA91C250
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_printf$O_indent
                                                                                                                                                                                                                              • String ID: %s (%d)$unexpected value
                                                                                                                                                                                                                              • API String ID: 1715996925-1289549259
                                                                                                                                                                                                                              • Opcode ID: a504f1d434ba6c65c5e8a6b1ab9fcb885afd620bd6019b5a06ca0e9c45058178
                                                                                                                                                                                                                              • Instruction ID: 4bec884eb9e9907cec1018562fe37e0578a262dcb505660c90bcfa69c24a858a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a504f1d434ba6c65c5e8a6b1ab9fcb885afd620bd6019b5a06ca0e9c45058178
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99F0AF62B0C602A5F72C9B11EC20DB82271FB41B80F8441B1E8BD076EDBF2CA602C200
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_construct_message
                                                                                                                                                                                                                              • API String ID: 193678381-3648037868
                                                                                                                                                                                                                              • Opcode ID: 2847354186164e0ced2237fd8c2924122173ee91fe12d2b52edaaef03b5c9312
                                                                                                                                                                                                                              • Instruction ID: 3d3bff73af87ea4baf0838d036b256622b5839ea20ff3e6b4e6d20fdf32c2adb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2847354186164e0ced2237fd8c2924122173ee91fe12d2b52edaaef03b5c9312
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DF0B4A6F181028AF7089368ECB5EFC2311EF54784F904571D62D836DAFE6DE952C600
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_post_handshake_auth
                                                                                                                                                                                                                              • API String ID: 193678381-3813554763
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client13_write_transition
                                                                                                                                                                                                                              • API String ID: 193678381-2379272181
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client13_write_transition
                                                                                                                                                                                                                              • API String ID: 193678381-2379272181
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strncmp
                                                                                                                                                                                                                              • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                              • API String ID: 1114863663-87138338
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: X_free$DigestInit_exX_new
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4262507187-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F77F8002
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77F9F78: HeapFree.KERNEL32(?,?,?,00007FF7F7801EC2,?,?,?,00007FF7F7801EFF,?,?,00000000,00007FF7F78023C5,?,?,00000000,00007FF7F78022F7), ref: 00007FF7F77F9F8E
                                                                                                                                                                                                                                • Part of subcall function 00007FF7F77F9F78: GetLastError.KERNEL32(?,?,?,00007FF7F7801EC2,?,?,?,00007FF7F7801EFF,?,?,00000000,00007FF7F78023C5,?,?,00000000,00007FF7F78022F7), ref: 00007FF7F77F9F98
                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7F77EA485), ref: 00007FF7F77F8020
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\GV7DzNoqCI.exe
                                                                                                                                                                                                                              • API String ID: 3580290477-716746308
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: D_bytes_ex_time64
                                                                                                                                                                                                                              • String ID: DOWNGRD
                                                                                                                                                                                                                              • API String ID: 2101710396-2922851170
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Time$System$File
                                                                                                                                                                                                                              • String ID: gfff
                                                                                                                                                                                                                              • API String ID: 2838179519-1553575800
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2037314232.00007FF7F77E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F77E0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff7f77e0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                                              • API String ID: 2595371189-336475711
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                              • String ID: no such name
                                                                                                                                                                                                                              • API String ID: 3678473424-4211486178
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038889738.00007FFDFACE1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFACE0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdface0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                              • String ID: )
                                                                                                                                                                                                                              • API String ID: 3946675294-2427484129
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _PyObject_GC_New.PYTHON311(?,?,00000000,00007FFDFABC2533), ref: 00007FFDFABC25B6
                                                                                                                                                                                                                              • PyObject_GC_Track.PYTHON311(?,?,00000000,00007FFDFABC2533), ref: 00007FFDFABC25E8
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000002.00000002.2038579962.00007FFDFABC1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDFABC0000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffdfabc0000_GV7DzNoqCI.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Object_$Track
                                                                                                                                                                                                                              • String ID: 3.2.0
                                                                                                                                                                                                                              • API String ID: 16854473-1786766648