Windows Analysis Report
Ei5hvT55El.exe

Overview

General Information

Sample name: Ei5hvT55El.exe (renamed because original name is a hash value)
Original sample name: d162e84ba7fba61543ef898b324ec251.exe
Analysis ID: 1578079
MD5: d162e84ba7fba61543ef898b324ec251
SHA1: 4e1addeae5f762beb2897d82bee6619631cb45c2
SHA256: b6699f37fbf92723e57430df189036bc6a8b438776e815a9c4805ed5cae1c417
Tags: exe, user-abuse_ch

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Contains functionality to infect the boot sector
Hides threads from debuggers
Performs DNS queries to domains with low reputation
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Ei5hvT55El.exe (PID: 5760 cmdline: "C:\Users\user\Desktop\Ei5hvT55El.exe" MD5: D162E84BA7FBA61543EF898B324EC251)
    • Ei5hvT55El.exe (PID: 6696 cmdline: "C:\Users\user\Desktop\Ei5hvT55El.exe" MD5: D162E84BA7FBA61543EF898B324EC251)
      • cmd.exe (PID: 5612 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-19T08:42:08.200831+0100 | 2058114 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49334 | 1.1.1.1 | 53 | UDP

AV Detection

Source: https://script.irisstealer.xyz/obtenciondeplaticaxxxxmiakhalifaz; Avira URL Cloud: Label: malware
Source: https://script.irisstealer.xyz/obtenciondeplaticaxxxxmiakhalifa; Avira URL Cloud: Label: malware
Source: Ei5hvT55El.exe; Virustotal: Detection: 20%
Source: Ei5hvT55El.exe; ReversingLabs: Detection: 15%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\Desktop\Ei5hvT55El.exe; Code function: 4_2_70B2A474 CryptReleaseContext, 4_2_70B2A474
Source: C:\Users\user\Desktop\Ei5hvT55El.exe; Code function: 4_2_70B2A46C CryptGenRandom, 4_2_70B2A46C
Source: C:\Users\user\Desktop\Ei5hvT55El.exe; Code function: 4_2_70A37D40 CryptAcquireContextA, CryptAcquireContextA, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, clock, clock, clock, clock, CryptReleaseContext, 4_2_70A37D40
Source: C:\Users\user\Desktop\Ei5hvT55El.exe; File created: C:\Users\user\AppData\Local\Temp\_MEI57602\wheel-0.43.0.dist-info\LICENSE.txt
Source: Ei5hvT55El.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Ei5hvT55El.exe; Code function: 1_2_00007FF6FA951DAC _invalid_parameter_noinfo, FindFirstFileExW, GetLastError, _invalid_parameter_noinfo, FindNextFileW, GetLastError, 1_2_00007FF6FA951DAC
Source: C:\Users\user\Desktop\Ei5hvT55El.exe; Code function: 1_2_00007FF6FA95C06C _invalid_parameter_noinfo, FindFirstFileExW, FindNextFileW, FindClose, FindClose, FindClose, 1_2_00007FF6FA95C06C
Source: C:\Users\user\Desktop\Ei5hvT55El.exe; Code function: 4_2_00007FF6FA95C06C _invalid_parameter_noinfo, FindFirstFileExW, FindNextFileW, FindClose, FindClose, FindClose, 4_2_00007FF6FA95C06C
Source: C:\Users\user\Desktop\Ei5hvT55El.exe; Code function: 4_2_00007FF6FA951DAC _invalid_parameter_noinfo, FindFirstFileExW, GetLastError, _invalid_parameter_noinfo, FindNextFileW, GetLastError, 4_2_00007FF6FA951DAC
Source: C:\Users\user\Desktop\Ei5hvT55El.exe; Code function: 4x nop then push rbp, 4_2_70A2B990

Networking

Source: Network traffic; Suricata IDS: 2058114 - Severity 1 - ET MALWARE Iris Stealer CnC Domain in DNS Lookup (irisstealer .xyz) : 192.168.2.8:49334 -> 1.1.1.1:53
Source: DNS query: script.irisstealer.xyz
Source: unknown; DNS traffic detected: query: script.irisstealer.xyz replaycode: Name error (3)
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: script.irisstealer.xyz
Source: Ei5hvT55El.exe, 00000004.00000003.1671374371.00000214BA98C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665492833.00000214BA98C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1681727117.00000214BA995000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA704000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1687659535.00000214BA71F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1675486038.00000214BA71D000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688335730.00000214BA723000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA71A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: Ei5hvT55El.exe, 00000004.00000003.1671374371.00000214BA98C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665492833.00000214BA98C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1681727117.00000214BA995000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crlce
Source: Ei5hvT55El.exe, 00000001.00000003.1623531662.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: Ei5hvT55El.exe, 00000004.00000003.1671374371.00000214BA98C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665492833.00000214BA98C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1681727117.00000214BA995000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674121357.00000214BA76E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1676115328.00000214BA790000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: Ei5hvT55El.exe, 00000001.00000003.1626732060.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629200964.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1608437214.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1611281907.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613536132.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613122266.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629200964.000002DC85E5E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1619720915.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1626077600.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613927180.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628602705.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1608208247.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628372229.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1620269527.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1621636767.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Ei5hvT55El.exe, 00000001.00000003.1623531662.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: Ei5hvT55El.exe, 00000001.00000003.1623674560.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Ei5hvT55El.exe, 00000001.00000003.1610631402.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1612165920.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1620696048.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1626732060.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629200964.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1608437214.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1611281907.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613536132.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1623674560.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613122266.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629200964.000002DC85E5E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1619720915.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1626077600.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613927180.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628602705.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E60000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1608208247.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628372229.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 
00000001.00000003.1620269527.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1621636767.000002DC85E55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Ei5hvT55El.exe, 00000001.00000003.1610631402.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1612165920.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1620696048.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1626732060.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629200964.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1608437214.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1611281907.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613536132.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613122266.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1619720915.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1626077600.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613927180.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628602705.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1608208247.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628372229.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1620269527.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1621636767.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Ei5hvT55El.exe, 00000001.00000003.1613927180.000002DC85E55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.cr
Source: _overlapped.pyd.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Ei5hvT55El.exe, 00000001.00000003.1623531662.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: Ei5hvT55El.exe, 00000001.00000003.1623674560.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Ei5hvT55El.exe, 00000001.00000003.1626732060.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.dig
Source: Ei5hvT55El.exe, 00000001.00000003.1623674560.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E60000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1623531662.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Ei5hvT55El.exe, 00000001.00000003.1610631402.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1612165920.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1620696048.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1626732060.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629200964.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1608437214.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1611281907.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613536132.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1623674560.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613122266.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629200964.000002DC85E5E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1619720915.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1626077600.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613927180.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628602705.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E60000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1608208247.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628372229.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 
00000001.00000003.1620269527.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1621636767.000002DC85E55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Ei5hvT55El.exe, 00000001.00000003.1623531662.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: Ei5hvT55El.exe, 00000001.00000003.1623674560.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: Ei5hvT55El.exe, 00000004.00000003.1684681747.00000214BA6B5000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662217074.00000214BA770000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674077985.00000214BA6B3000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1687246798.00000214BA6FE000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674121357.00000214BA76E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672404416.00000214BA6A0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1686453183.00000214BA770000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662217074.00000214BA6D6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1675900387.00000214BA6B4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685218194.00000214BA6B6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1687177272.00000214BA6F8000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672497349.00000214BA6B2000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685187226.00000214BA770000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671737540.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685412227.00000214BA6BD000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 
00000004.00000003.1687137063.00000214BA771000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: Ei5hvT55El.exe, 00000004.00000003.1687103868.00000214BA0F9000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672404416.00000214BA6A0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662217074.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688118236.00000214BA6A3000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671737540.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665375550.00000214BA067000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674729640.00000214BA0F6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672687535.00000214BA0F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: Ei5hvT55El.exe, 00000004.00000003.1673643045.00000214BA00C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685999628.00000214BA011000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1663116325.00000214BA732000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9FD0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672894033.00000214B9FD0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1686260157.00000214BA03A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1686768871.00000214BA750000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662710936.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662217074.00000214BA732000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA704000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1689043821.00000214BA708000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1684588051.00000214BA011000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662217074.00000214BA6D6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674540395.00000214BA010000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA71A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673915098.00000214BA730000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1698013942.00000214BA751000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674781977.00000214BA737000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 
00000004.00000003.1679801436.00000214BA011000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685694477.00000214BA74A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: Ei5hvT55El.exe, 00000004.00000003.1684681747.00000214BA6B5000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1686628344.00000214B9BD2000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1698691028.00000214BA9B0000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1684062319.00000214BA60A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1698918533.00000214BACB0000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1697259290.00000214BA3B0000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674077985.00000214BA6B3000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1697376180.00000214BA4B0000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1687246798.00000214BA6FE000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674890755.00000214BA608000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671737540.00000214BA5DD000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1684982506.00000214B9BA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674402540.00000214B9BA6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1678417811.00000214B9F86000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672823232.00000214BA600000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1691786291.00000214BA60A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672404416.00000214BA6A0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1683135542.00000214B9F89000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 
00000004.00000003.1672044210.00000214B9F21000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1689043821.00000214BA6FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: Ei5hvT55El.exe, 00000004.00000003.1664587308.00000214BA8CF000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1699239935.00000214BAF30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: Ei5hvT55El.exe, 00000004.00000002.1697021139.00000214BA200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: Ei5hvT55El.exe, 00000004.00000002.1697021139.00000214BA200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tar.gz
Source: Ei5hvT55El.exe, 00000004.00000002.1697021139.00000214BA200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tgz
Source: Ei5hvT55El.exe, 00000004.00000003.1692179063.00000214BA724000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1697933165.00000214BA724000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA704000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1687659535.00000214BA71F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1675486038.00000214BA71D000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688335730.00000214BA723000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA71A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: Ei5hvT55El.exe, 00000004.00000002.1698139086.00000214BA770000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674121357.00000214BA76E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1686453183.00000214BA770000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685187226.00000214BA770000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: Ei5hvT55El.exe, 00000004.00000003.1688447052.00000214BA7EB000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1698246767.00000214BA81F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1684482653.00000214BA797000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674121357.00000214BA76E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1684337416.00000214BA793000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA704000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1684933675.00000214BA711000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1689578247.00000214BA81C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1676115328.00000214BA790000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1687916946.00000214BA7CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: Ei5hvT55El.exe, 00000004.00000003.1671737540.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677506557.00000214B9F2E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1679801436.00000214BA011000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: Ei5hvT55El.exe, 00000004.00000002.1696701460.00000214B9F87000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1678417811.00000214B9F86000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9F21000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674213069.00000214B9F67000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673307262.00000214B9F3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: Ei5hvT55El.exe, 00000004.00000003.1676229277.00000214BA932000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1683000688.00000214BA95A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665492833.00000214BA90B000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1681171069.00000214BA951000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1683976648.00000214BA95D000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677440287.00000214BA94F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: Ei5hvT55El.exe, 00000001.00000003.1623674560.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digi
Source: Ei5hvT55El.exe, 00000001.00000003.1610631402.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1612165920.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1620696048.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1626732060.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629200964.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1608437214.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1611281907.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613536132.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1623674560.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613122266.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629200964.000002DC85E5E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1619720915.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1626077600.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1613927180.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628602705.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622734378.000002DC85E60000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1608208247.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628372229.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 
00000001.00000003.1620269527.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1621636767.000002DC85E55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://blog.jaraco.com/skeleton
Source: Ei5hvT55El.exe, Ei5hvT55El.exe, 00000004.00000002.1703068244.00007FFBAB93B000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://docs.python.org/3/library/importlib.metadata.html
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://docs.python.org/3/reference/import.html#finders-and-loaders
Source: Ei5hvT55El.exe, 00000004.00000002.1698820231.00000214BABB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: Ei5hvT55El.exe, 00000004.00000002.1697021139.00000214BA200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: Ei5hvT55El.exe, 00000004.00000003.1671425216.00000214BA8B3000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1664587308.00000214BA8B3000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1681491635.00000214BA8B3000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1698388603.00000214BA8B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: Ei5hvT55El.exe, 00000004.00000003.1636465845.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685296224.00000214B7AAA000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639378957.00000214B7A90000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672726688.00000214B7A8A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671932653.00000214B7A54000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636214500.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672450598.00000214B7A89000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636214500.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1694571856.00000214B7AAC000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1637643066.00000214B7AB0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636465845.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://github.com/astral-sh/ruff
Source: Ei5hvT55El.exe, 00000004.00000003.1643498785.00000214B9BE4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1697021139.00000214BA200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: Ei5hvT55El.exe, 00000001.00000003.1630093917.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628258825.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629745950.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622110960.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629899324.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628018333.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629899324.000002DC85E63000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1710457788.00007FFBBB976000.00000002.00000001.01000000.0000000A.sdmp, Ei5hvT55El.exe, 00000004.00000002.1706445529.00007FFBBB8C4000.00000002.00000001.01000000.0000000E.sdmp, Ei5hvT55El.exe, 00000004.00000002.1707102153.00007FFBBB8F4000.00000002.00000001.01000000.0000000D.sdmp, pywintypes310.dll.1.dr, win32trace.cp310-win_amd64.pyd.1.dr, win32api.cp310-win_amd64.pyd.1.dr, win32ui.cp310-win_amd64.pyd.1.drString found in binary or memory: https://github.com/mhammond/pywin32
Source: Ei5hvT55El.exe, 00000004.00000002.1697376180.00000214BA4B0000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671737540.00000214BA5DD000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662987427.00000214BA5CE000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688030565.00000214BA5DE000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1697568052.00000214BA5E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
Source: Ei5hvT55El.exe, 00000004.00000002.1699349281.00000214BB060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
Source: Ei5hvT55El.exe, 00000001.00000003.1632455786.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
Source: Ei5hvT55El.exe, 00000004.00000002.1697259290.00000214BA3B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
Source: Ei5hvT55El.exe, 00000004.00000002.1697259290.00000214BA3B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packagingMEI57602
Source: Ei5hvT55El.exe, 00000001.00000003.1632455786.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/wheel
Source: Ei5hvT55El.exe, 00000001.00000003.1632455786.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/wheel/issues
Source: Ei5hvT55El.exe, 00000004.00000002.1694993572.00000214B9848000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: Ei5hvT55El.exe, 00000004.00000003.1636465845.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685296224.00000214B7AAA000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639378957.00000214B7A90000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672726688.00000214B7A8A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671932653.00000214B7A54000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636214500.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672450598.00000214B7A89000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636214500.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1694571856.00000214B7AAC000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1637643066.00000214B7AB0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636465845.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: METADATA.1.drString found in binary or memory: https://github.com/python/importlib_metadata
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://github.com/python/importlib_metadata/issues
Source: Ei5hvT55El.exe, 00000004.00000003.1636465845.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636214500.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1637643066.00000214B7AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/cor
Source: Ei5hvT55El.exe, 00000004.00000003.1685296224.00000214B7AAA000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639378957.00000214B7A90000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672726688.00000214B7A8A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671932653.00000214B7A54000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672450598.00000214B7A89000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636214500.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1694571856.00000214B7AAC000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636465845.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: Ei5hvT55El.exe, 00000004.00000002.1698820231.00000214BABB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674781977.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688810133.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1686768871.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685694477.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1698042160.00000214BA764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: Ei5hvT55El.exe, 00000004.00000002.1698691028.00000214BA9B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: Ei5hvT55El.exe, 00000004.00000002.1699037647.00000214BAECC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: Ei5hvT55El.exe, 00000004.00000003.1685412227.00000214BA6BD000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1689220962.00000214BA6AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: Ei5hvT55El.exe, 00000004.00000003.1684681747.00000214BA6B5000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674077985.00000214BA6B3000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685385753.00000214BA6AF000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1689680162.00000214BA6BE000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672404416.00000214BA6A0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1675900387.00000214BA6B4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685218194.00000214BA6B6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672497349.00000214BA6B2000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671737540.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685412227.00000214BA6BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: Ei5hvT55El.exe, 00000004.00000003.1672207554.00000214B9B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: Ei5hvT55El.exe, 00000004.00000003.1673643045.00000214BA00C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685999628.00000214BA011000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9FD0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672894033.00000214B9FD0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1686260157.00000214BA03A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1684588051.00000214BA011000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674540395.00000214BA010000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1679801436.00000214BA011000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: Ei5hvT55El.exe, 00000004.00000003.1685412227.00000214BA6BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: Ei5hvT55El.exe, 00000004.00000002.1699239935.00000214BAF30000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1696763810.00000214B9FB2000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673732089.00000214B9F23000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1681727117.00000214BA99F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665492833.00000214BA98C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1687414270.00000214B9FB1000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674213069.00000214B9F67000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677470433.00000214BA909000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685062716.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9FA8000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688742582.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677506557.00000214B9F2E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1676291573.00000214BA99E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673307262.00000214B9F3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA704000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA71A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673915098.00000214BA730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
Source: METADATA.1.drString found in binary or memory: https://importlib-metadata.readthedocs.io/
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
Source: Ei5hvT55El.exe, 00000004.00000003.1674288357.00000214B9F46000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1686596932.00000214B9F47000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9F21000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662987427.00000214BA5CE000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1696450833.00000214B9F52000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1687687157.00000214B9F4F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673307262.00000214B9F3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: Ei5hvT55El.exe, 00000004.00000002.1698691028.00000214BA9B0000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1698918533.00000214BACB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://pypi.org/project/importlib_metadata
Source: Ei5hvT55El.exe, 00000001.00000003.1632455786.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/setuptools/
Source: Ei5hvT55El.exe, 00000004.00000002.1702381161.00007FFBAAEF3000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: Ei5hvT55El.exe, 00000004.00000002.1697021139.00000214BA200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: Ei5hvT55El.exe, 00000004.00000003.1684681747.00000214BA6B5000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674781977.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674077985.00000214BA6B3000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688810133.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1686768871.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672404416.00000214BA6A0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA704000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1699239935.00000214BAF30000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1691508343.00000214BA6B8000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1696048860.00000214B9E00000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685694477.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1675900387.00000214BA6B4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685218194.00000214BA6B6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672497349.00000214BA6B2000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA71A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671737540.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 
00000004.00000003.1673915098.00000214BA730000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1698042160.00000214BA764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: Ei5hvT55El.exe, 00000004.00000002.1699349281.00000214BB074000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1696932113.00000214BA100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://script.irisstealer.xyz/obtenciondeplaticaxxxxmiakhalifa
Source: Ei5hvT55El.exe, 00000004.00000002.1696932113.00000214BA100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://script.irisstealer.xyz/obtenciondeplaticaxxxxmiakhalifap/
Source: Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672404416.00000214BA6A0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1689654987.00000214BA5B1000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662217074.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671737540.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1697802724.00000214BA6A1000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1697491822.00000214BA5B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://script.irisstealer.xyz/obtenciondeplaticaxxxxmiakhalifaz
Source: Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214BA046000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639514365.00000214BA046000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
Source: Ei5hvT55El.exe, 00000004.00000003.1677408699.00000214B9F24000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1692086959.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9F21000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214B9FF6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1675829190.00000214B9F23000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673732089.00000214B9F23000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214BA046000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1640200711.00000214B9F27000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639563764.00000214B9FEF000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685062716.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688742582.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677506557.00000214B9F2E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639514365.00000214BA046000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: Ei5hvT55El.exe, 00000004.00000002.1696048860.00000214B9E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214B9FF6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214BA046000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639563764.00000214B9FEF000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639514365.00000214BA046000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:
Source: Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214B9FF6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214BA046000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639563764.00000214B9FEF000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639514365.00000214BA046000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:r;Nr
Source: Ei5hvT55El.exe, METADATA.1.dr String found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: METADATA.1.dr String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: Ei5hvT55El.exe String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: Ei5hvT55El.exe String found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: Ei5hvT55El.exe String found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: Ei5hvT55El.exe String found in binary or memory: https://twitter.com/
Source: Ei5hvT55El.exe String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: Ei5hvT55El.exe String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: Ei5hvT55El.exe String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsp
Source: Ei5hvT55El.exe String found in binary or memory: https://wheel.readthedocs.io/
Source: Ei5hvT55El.exe String found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
Source: Ei5hvT55El.exe String found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: Ei5hvT55El.exe String found in binary or memory: https://www.digicert.com/CPS0
Source: Ei5hvT55El.exe String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: Ei5hvT55El.exe String found in binary or memory: https://www.openssl.org/H
Source: Ei5hvT55El.exe String found in binary or memory: https://www.python.org
Source: Ei5hvT55El.exe String found in binary or memory: https://www.python.org/
Source: Ei5hvT55El.exe String found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: Ei5hvT55El.exe String found in binary or memory: https://www.python.org/dev/peps/pep-0427/
Source: Ei5hvT55El.exe String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: Ei5hvT55El.exe String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: Ei5hvT55El.exe String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: Ei5hvT55El.exe String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: Ei5hvT55El.exe String found in binary or memory: https://yahoo.com/
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Code function: 4_2_70A708E0 LoadLibraryA, GetProcAddress, GetCurrentThread, NtSetInformationThread
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Code function: 4_2_70B2A4BC: DeviceIoControl
Source: _overlapped.pyd.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _pytransform.dll.1.dr Static PE information: Number of sections : 11 > 10
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilenamewin32ui.cp310-win_amd64.pyd0 vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_ctypes.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_hashlib.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_sqlite3.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_bz2.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_decimal.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_multiprocessing.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilenamelibsslH vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilenamepywintypes310.dll0 vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_lzma.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilenameunicodedata.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilenamewin32api.cp310-win_amd64.pyd0 vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_queue.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilenamepyexpat.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_overlapped.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilenamesqlite3.dll0 vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_asyncio.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilenameselect.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_win32sysloader.cp310-win_amd64.pyd0 vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_socket.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilenamewin32trace.cp310-win_amd64.pyd0 vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilenamevcruntime140.dllT vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename_ssl.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilenamepythoncom310.dll0 vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilename vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe Binary or memory string: OriginalFilenamepython310.dll. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe, 00000004.00000002.1706445529.00007FFBBB8C4000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamepythoncom310.dll0 vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe, 00000004.00000002.1712676466.00007FFBC31F7000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe, 00000004.00000002.1702155392.00007FFBAABB1000.00000002.00000001.01000000.0000002B.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe, 00000004.00000002.1705210814.00007FFBBB7E5000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe, 00000004.00000002.1707102153.00007FFBBB8F4000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenamewin32api.cp310-win_amd64.pyd0 vs Ei5hvT55El.exe
Source: Ei5hvT55El.exe, 00000004.00000002.1701602806.00007FFBAA6E7000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs Ei5hvT55El.exe
Source: classification engineClassification label: mal80.troj.evad.winEXE@6/87@1/0
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 1_2_00007FF6FA946FA0 GetLastError,FormatMessageW,WideCharToMultiByte,1_2_00007FF6FA946FA0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5640:120:WilError_03
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602Jump to behavior
Source: Ei5hvT55El.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Ei5hvT55El.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Ei5hvT55El.exe, 00000004.00000002.1700555846.00007FFBAA142000.00000002.00000001.01000000.0000002E.sdmp, sqlite3.dll.1.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: Ei5hvT55El.exe, 00000004.00000002.1700555846.00007FFBAA142000.00000002.00000001.01000000.0000002E.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: Ei5hvT55El.exe, 00000004.00000002.1700555846.00007FFBAA142000.00000002.00000001.01000000.0000002E.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: Ei5hvT55El.exe, 00000004.00000002.1700555846.00007FFBAA142000.00000002.00000001.01000000.0000002E.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: Ei5hvT55El.exe, Ei5hvT55El.exe, 00000004.00000002.1700555846.00007FFBAA142000.00000002.00000001.01000000.0000002E.sdmp, sqlite3.dll.1.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: Ei5hvT55El.exe, 00000004.00000002.1700555846.00007FFBAA142000.00000002.00000001.01000000.0000002E.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: Ei5hvT55El.exe, 00000004.00000002.1700555846.00007FFBAA142000.00000002.00000001.01000000.0000002E.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: Ei5hvT55El.exeVirustotal: Detection: 20%
Source: Ei5hvT55El.exeReversingLabs: Detection: 15%
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile read: C:\Users\user\Desktop\Ei5hvT55El.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Ei5hvT55El.exe "C:\Users\user\Desktop\Ei5hvT55El.exe"
Source: C:\Users\user\Desktop\Ei5hvT55El.exeProcess created: C:\Users\user\Desktop\Ei5hvT55El.exe "C:\Users\user\Desktop\Ei5hvT55El.exe"
Source: C:\Users\user\Desktop\Ei5hvT55El.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Ei5hvT55El.exeProcess created: C:\Users\user\Desktop\Ei5hvT55El.exe "C:\Users\user\Desktop\Ei5hvT55El.exe"Jump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: python3.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: libffi-7.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: libcrypto-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: libssl-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: sqlite3.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile opened: C:\Users\user\Desktop\pyvenv.cfgJump to behavior
Source: Ei5hvT55El.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: Ei5hvT55El.exeStatic file information: File size 19934081 > 1048576
Source: Ei5hvT55El.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Ei5hvT55El.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Ei5hvT55El.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Ei5hvT55El.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Ei5hvT55El.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Ei5hvT55El.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Ei5hvT55El.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Ei5hvT55El.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\A\40\b\bin\amd64\sqlite3.pdb source: Ei5hvT55El.exe, 00000004.00000002.1700555846.00007FFBAA142000.00000002.00000001.01000000.0000002E.sdmp, sqlite3.dll.1.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: Ei5hvT55El.exe, 00000004.00000002.1704274528.00007FFBBB785000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32ui.pdb source: win32ui.cp310-win_amd64.pyd.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: Ei5hvT55El.exe, 00000004.00000002.1701333757.00007FFBAA5EF000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_ctypes.pdb source: Ei5hvT55El.exe, 00000004.00000002.1712273248.00007FFBC3150000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32api.pdb source: Ei5hvT55El.exe, 00000004.00000002.1706728951.00007FFBBB8E2000.00000002.00000001.01000000.0000000D.sdmp, win32api.cp310-win_amd64.pyd.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\_queue.pdb source: Ei5hvT55El.exe, 00000001.00000003.1619720915.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1711584621.00007FFBBC343000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_sqlite3.pdb source: Ei5hvT55El.exe, 00000004.00000002.1703658189.00007FFBBB6BC000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_overlapped.pdb source: Ei5hvT55El.exe, 00000001.00000003.1613927180.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, _overlapped.pyd.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\python310.pdb source: Ei5hvT55El.exe, 00000004.00000002.1702381161.00007FFBAAEF3000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: Ei5hvT55El.exe, 00000004.00000002.1701333757.00007FFBAA5EF000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdbNN source: Ei5hvT55El.exe, 00000001.00000003.1613122266.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1709110852.00007FFBBB91C000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_asyncio.pdb source: Ei5hvT55El.exe, 00000001.00000003.1608208247.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdb source: Ei5hvT55El.exe, 00000001.00000003.1613122266.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1709110852.00007FFBBB91C000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_multiprocessing.pdb source: Ei5hvT55El.exe, 00000001.00000003.1613536132.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\select.pdb source: Ei5hvT55El.exe, 00000001.00000003.1628372229.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1712043889.00007FFBBC703000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32trace.pdb source: Ei5hvT55El.exe, 00000001.00000003.1629899324.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, win32trace.cp310-win_amd64.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb( source: Ei5hvT55El.exe, 00000004.00000002.1710351508.00007FFBBB960000.00000002.00000001.01000000.0000000A.sdmp, pywintypes310.dll.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\unicodedata.pdb source: Ei5hvT55El.exe, 00000001.00000003.1629200964.000002DC85E5E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1701785835.00007FFBAABAC000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pythoncom.pdb source: Ei5hvT55El.exe, 00000004.00000002.1705624413.00007FFBBB876000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: Ei5hvT55El.exe, 00000004.00000002.1704274528.00007FFBBB785000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32ui.pdbO source: win32ui.cp310-win_amd64.pyd.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\_socket.pdb source: Ei5hvT55El.exe, 00000001.00000003.1620269527.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1710849803.00007FFBBC258000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_ssl.pdb source: Ei5hvT55El.exe, 00000004.00000002.1704894975.00007FFBBB7CD000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb source: Ei5hvT55El.exe, 00000004.00000002.1710351508.00007FFBBB960000.00000002.00000001.01000000.0000000A.sdmp, pywintypes310.dll.1.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: Ei5hvT55El.exe, 00000001.00000003.1607884591.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1712611597.00007FFBC31F1000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\_win32sysloader.pdb source: Ei5hvT55El.exe, 00000001.00000003.1622110960.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_bz2.pdb source: Ei5hvT55El.exe, 00000001.00000003.1608437214.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1710092350.00007FFBBB93D000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_hashlib.pdb source: Ei5hvT55El.exe, 00000001.00000003.1612165920.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1710589074.00007FFBBC246000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pythoncom.pdbz) source: Ei5hvT55El.exe, 00000004.00000002.1705624413.00007FFBBB876000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: Ei5hvT55El.exe, 00000004.00000002.1701333757.00007FFBAA671000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\pyexpat.pdb source: Ei5hvT55El.exe, 00000004.00000002.1705309246.00007FFBBB812000.00000002.00000001.01000000.0000000F.sdmp
Source: Ei5hvT55El.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Ei5hvT55El.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Ei5hvT55El.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Ei5hvT55El.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Ei5hvT55El.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.1.drStatic PE information: 0xEFFF39AD [Sun Aug 4 18:57:49 2097 UTC]
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70A708E0 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,4_2_70A708E0
Source: _raw_ctr.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x46bb
Source: _Salsa20.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x3657
Source: _RIPEMD160.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x6f18
Source: _ghash_portable.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xa111
Source: md.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xf357
Source: _ARC4.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xc8ba
Source: _poly1305.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xbea9
Source: _SHA224.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x13d1f
Source: _raw_aes.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x14e8f
Source: win32ui.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x16a344
Source: _SHA512.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xbd08
Source: _cffi_backend.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x3108a
Source: _cpuid_c.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xe2b6
Source: _raw_ocb.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x14299
Source: _BLAKE2b.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x864f
Source: md__mypyc.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x280fa
Source: _raw_aesni.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xd2c3
Source: _MD5.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x12225
Source: _raw_des.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x124f2
Source: pywintypes310.dll.1.drStatic PE information: real checksum: 0x0 should be: 0x2c30d
Source: _MD4.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x9fa9
Source: _strxor.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x10aad
Source: _pytransform.dll.1.drStatic PE information: real checksum: 0x11edfe should be: 0x11dbef
Source: _raw_ofb.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x727a
Source: _raw_blowfish.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x11ec6
Source: _raw_cbc.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x3a38
Source: win32trace.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x10f52
Source: _modexp.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xdf94
Source: _ghash_clmul.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x9c9d
Source: _raw_cast.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x7870
Source: _raw_eksblowfish.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xc1e6
Source: _SHA384.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x100ff
Source: _BLAKE2s.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x50f7
Source: _raw_ecb.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x4c1b
Source: _SHA256.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xa85b
Source: win32api.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x25cc2
Source: _SHA1.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xbd05
Source: _raw_cfb.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x9762
Source: _chacha20.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x741f
Source: _scrypt.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x80b5
Source: _raw_des3.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x10195
Source: pythoncom310.dll.1.drStatic PE information: real checksum: 0x0 should be: 0x8ce57
Source: _ec_ws.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xc5419
Source: _MD2.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x110e3
Source: _keccak.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xaf1b
Source: _win32sysloader.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x8e07
Source: _raw_arc2.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x966e
Source: Ei5hvT55El.exeStatic PE information: section name: _RDATA
Source: _pytransform.dll.1.drStatic PE information: section name: .xdata
Source: libcrypto-1_1.dll.1.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.1.drStatic PE information: section name: .00cfg
Source: mfc140u.dll.1.drStatic PE information: section name: .didat
Source: python310.dll.1.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.1.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A4BC push rbp; retf 4_2_70B2A4BF
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A4A4 push r14; retf 4_2_70B2A4A7
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A4AC push rbp; retf 4_2_70B2A4AF
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A49C push rsi; retf 4_2_70B2A49F
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A49C push rsi; retf 4_2_70B2A4E7
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A4FC push rbp; retf 4_2_70B2A4FF
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A4DC push rbp; retf 4_2_70B2A4F7
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A4C4 push rdi; retf 4_2_70B2A4CF
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A474 push rsi; retf 4_2_70B2A49F
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A46C push rsi; retf 4_2_70B2A49F
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A5BC push rsp; retf 4_2_70B2A5BF
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A5A4 push rsi; retf 4_2_70B2A5AF
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A58C push rbp; retf 4_2_70B2A58F
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A5F4 push rbp; retf 4_2_70B2A5F7
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A5CC push rbp; retf 4_2_70B2A5CF
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A52C push rsi; retf 4_2_70B2A52F
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A52C push rbp; retf 4_2_70B2A537
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A504 push rbp; retf 4_2_70B2A507
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A50C push rsi; retf 4_2_70B2A52F
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A554 push rbp; retf 4_2_70B2A55F
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A54C push rbp; retf 4_2_70B2A54F
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A73C pushfq ; retf 4_2_70B2A74E
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A744 pushfq ; retf 4_2_70B2A74E

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d4_2_70A227E0
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d4_2_70A22B90
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_pytransform.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\select.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\pythoncom310.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_cffi_backend.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_win32sysloader.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\win32trace.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\win32ui.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\pywintypes310.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\win32api.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\sqlite3.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI57602\wheel-0.43.0.dist-info\LICENSE.txtJump to behavior

Boot Survival

Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d4_2_70A227E0
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d4_2_70A22B90
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 1_2_00007FF6FA943C90 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_00007FF6FA943C90
Source: C:\Users\user\Desktop\Ei5hvT55El.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_pytransform.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\select.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\pythoncom310.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_cffi_backend.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_win32sysloader.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\win32trace.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\win32ui.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\pywintypes310.dllJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\win32api.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_1-16023
Source: C:\Users\user\Desktop\Ei5hvT55El.exeAPI coverage: 3.5 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 1_2_00007FF6FA951DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,1_2_00007FF6FA951DAC
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 1_2_00007FF6FA95C06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,1_2_00007FF6FA95C06C
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_00007FF6FA95C06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,4_2_00007FF6FA95C06C
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_00007FF6FA951DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,4_2_00007FF6FA951DAC
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70A06A70 GetSystemInfo,VirtualAlloc,VirtualAlloc,4_2_70A06A70
Source: Ei5hvT55El.exe, 00000001.00000003.1630960328.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: Ei5hvT55El.exe, 00000004.00000003.1638777892.00000214B9B33000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW-[
Source: Ei5hvT55El.exe, 00000004.00000003.1677408699.00000214B9F24000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639833698.00000214B9F2C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1692086959.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9F21000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1675829190.00000214B9F23000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673732089.00000214B9F23000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639586591.00000214B9F24000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1640200711.00000214B9F27000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685062716.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688742582.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWr,%SystemRoot%\system32\mswsock.dll

Anti Debugging

Source: C:\Users\user\Desktop\Ei5hvT55El.exeThread information set: HideFromDebuggerJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 1_2_00007FF6FA955750 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6FA955750
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70A708E0 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,4_2_70A708E0
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 1_2_00007FF6FA95DB48 GetProcessHeap,1_2_00007FF6FA95DB48
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 1_2_00007FF6FA94A8DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF6FA94A8DC
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 1_2_00007FF6FA94B0C4 SetUnhandledExceptionFilter,1_2_00007FF6FA94B0C4
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 1_2_00007FF6FA94AEE0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6FA94AEE0
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70B2A5CC SetUnhandledExceptionFilter,4_2_70B2A5CC
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70A96BD1 SetUnhandledExceptionFilter,4_2_70A96BD1
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_70A94FD0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,4_2_70A94FD0
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_00007FF6FA955750 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF6FA955750
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_00007FF6FA94A8DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FF6FA94A8DC
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_00007FF6FA94B0C4 SetUnhandledExceptionFilter,4_2_00007FF6FA94B0C4
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_00007FF6FA94AEE0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF6FA94AEE0
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 4_2_00007FFBAA140060 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FFBAA140060
Source: C:\Users\user\Desktop\Ei5hvT55El.exeProcess created: C:\Users\user\Desktop\Ei5hvT55El.exe "C:\Users\user\Desktop\Ei5hvT55El.exe"Jump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeCode function: 1_2_00007FF6FA963A60 cpuid 1_2_00007FF6FA963A60
Source: C:\Users\user\Desktop\Ei5hvT55El.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeQueries volume information: C:\Users\user\Desktop\Ei5hvT55El.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\pywintypes310.dll VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmpstfjbkdc VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\win32api.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\pythoncom310.dll VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\pyexpat.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\jaraco\text\Lorem ipsum.txt VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\importlib_metadata-8.0.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\wheel-0.43.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\_pytransform.dll VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602 VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\_cffi_backend.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\charset_normalizer\md.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\charset_normalizer\md__mypyc.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI57602\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Code function: 1_2_00007FF6FA94ADC8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 1_2_00007FF6FA94ADC8
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Code function: 1_2_00007FF6FA960010 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 1_2_00007FF6FA960010
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Code function: 4_2_70A7094C GetVersion,GetCurrentThread, 4_2_70A7094C
Source: C:\Users\user\Desktop\Ei5hvT55El.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 Bootkit | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Bootkit | LSA Secrets | 25 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Source | Detection | Scanner | Label | Link
Ei5hvT55El.exe | 20% | Virustotal | | Browse
Ei5hvT55El.exe | 16% | ReversingLabs | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_ARC4.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_Salsa20.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_chacha20.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_aes.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_aesni.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_arc2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_cast.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_cbc.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_cfb.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_ctr.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_des.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_des3.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_ecb.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_ocb.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_raw_ofb.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_BLAKE2b.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_BLAKE2s.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_MD2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_MD4.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_MD5.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_RIPEMD160.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA1.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA224.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA256.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA384.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_SHA512.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_ghash_clmul.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_ghash_portable.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_keccak.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Hash\_poly1305.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Math\_modexp.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Protocol\_scrypt.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\PublicKey\_ec_ws.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Util\_cpuid_c.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Util\_strxor.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\VCRUNTIME140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_asyncio.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_bz2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_cffi_backend.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_ctypes.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_decimal.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_hashlib.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_lzma.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_multiprocessing.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_overlapped.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_pytransform.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_queue.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_socket.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_sqlite3.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_ssl.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\_win32sysloader.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\charset_normalizer\md.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\charset_normalizer\md__mypyc.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\libcrypto-1_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\libffi-7.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\libssl-1_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\mfc140u.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\pyexpat.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\python310.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\pythoncom310.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\pywintypes310.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI57602\select.pyd | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.dabeaz.com/ply)F | 0% | Avira URL Cloud | safe |
http://www.dabeaz.com/ply) | 0% | Avira URL Cloud | safe |
https://script.irisstealer.xyz/obtenciondeplaticaxxxxmiakhalifaz | 100% | Avira URL Cloud | malware |
https://wheel.readthedocs.io/en/stable/news.html | 0% | Avira URL Cloud | safe |
http://cffi.readthedocs.io/en/latest/cdef.html#ffi-cdef-limitations | 0% | Avira URL Cloud | safe |
https://script.irisstealer.xyz/obtenciondeplaticaxxxxmiakhalifa | 100% | Avira URL Cloud | malware |
https://blog.jaraco.com/skeleton | 0% | Avira URL Cloud | safe |
http://crl4.dig | 0% | Avira URL Cloud | safe |
http://ocsp.digif | 0% | Avira URL Cloud | safe |
http://bugs.python.org/issue23606) | 0% | Avira URL Cloud | safe |
https://wheel.readthedocs.io/ | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
script.irisstealer.xyz | unknown | unknown | true | | unknown
Name: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:r;Nr
Source: Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214B9FF6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214BA046000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639563764.00000214B9FEF000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639514365.00000214BA046000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: http://www.dabeaz.com/ply)F
Source: Ei5hvT55El.exe, 00000004.00000003.1662217074.00000214BA6B8000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: safe
Reputation: unknown

Name: http://www.dabeaz.com/ply)
Source: Ei5hvT55El.exe, 00000004.00000002.1698820231.00000214BABB0000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: safe
Reputation: unknown

Name: https://github.com/astral-sh/ruff
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.dr
Malicious: false
Reputation: high

Name: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: Ei5hvT55El.exe, 00000004.00000002.1696048860.00000214B9E00000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl#8p
Source: Ei5hvT55El.exe, 00000004.00000003.1676229277.00000214BA932000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665492833.00000214BA90B000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1681171069.00000214BA951000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1698555556.00000214BA956000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677440287.00000214BA94F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://github.com/mhammond/pywin32
Source: Ei5hvT55El.exe, 00000001.00000003.1630093917.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628258825.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629745950.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1622110960.000002DC85E55000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629899324.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1628018333.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000001.00000003.1629899324.000002DC85E63000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1710457788.00007FFBBB976000.00000002.00000001.01000000.0000000A.sdmp, Ei5hvT55El.exe, 00000004.00000002.1706445529.00007FFBBB8C4000.00000002.00000001.01000000.0000000E.sdmp, Ei5hvT55El.exe, 00000004.00000002.1707102153.00007FFBBB8F4000.00000002.00000001.01000000.0000000D.sdmp, pywintypes310.dll.1.dr, win32trace.cp310-win_amd64.pyd.1.dr, win32api.cp310-win_amd64.pyd.1.dr, win32ui.cp310-win_amd64.pyd.1.dr
Malicious: false
Reputation: high

Name: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.dr
Malicious: false
Reputation: high

Name: http://crl.dhimyotis.com/certignarootca.crl0
Source: Ei5hvT55El.exe, 00000004.00000003.1682524694.00000214BB177000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1682863107.00000214BB189000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1682631715.00000214BB181000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1699817683.00000214BB18C000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://github.com/python/importlib_metadata
Source: METADATA.1.dr
Malicious: false
Reputation: high

Name: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.dr
Malicious: false
Reputation: high

Name: https://github.com/python/importlib_metadata/issues
Source: Ei5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.dr
Malicious: false
Reputation: high

Name: https://python.org/dev/peps/pep-0263/
Source: Ei5hvT55El.exe, 00000004.00000002.1702381161.00007FFBAAEF3000.00000002.00000001.01000000.00000004.sdmp
Malicious: false
Reputation: high

Name: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: Ei5hvT55El.exe, 00000004.00000003.1685296224.00000214B7AAA000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639378957.00000214B7A90000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672726688.00000214B7A8A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671932653.00000214B7A54000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672450598.00000214B7A89000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636214500.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1694571856.00000214B7AAC000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636465845.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
                            high
                            https://wheel.readthedocs.io/en/stable/news.htmlEi5hvT55El.exe, 00000001.00000003.1632455786.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/corEi5hvT55El.exe, 00000004.00000003.1636465845.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636214500.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1637643066.00000214B7AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              https://importlib-metadata.readthedocs.io/METADATA.1.drfalse
                                high
                                https://tools.ietf.org/html/rfc2388#section-4.4Ei5hvT55El.exe, 00000004.00000003.1685485392.00000214BA006000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9FD0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672894033.00000214B9FD0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1684773316.00000214BA003000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674624977.00000214BA002000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685999628.00000214BA007000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673762100.00000214B9FF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  https://github.com/pypa/packagingEi5hvT55El.exe, 00000004.00000002.1697259290.00000214BA3B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                    high
                                    https://readthedocs.org/projects/importlib-metadata/badge/?version=latestEi5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                      high
                                      https://refspecs.linuxfoundation.org/elf/gabi4Ei5hvT55El.exe, 00000004.00000002.1697021139.00000214BA200000.00000004.00001000.00020000.00000000.sdmpfalse
                                        high
                                        https://script.irisstealer.xyz/obtenciondeplaticaxxxxmiakhalifazEi5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672404416.00000214BA6A0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1689654987.00000214BA5B1000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662217074.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671737540.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1697802724.00000214BA6A1000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1697491822.00000214BA5B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        unknown
                                        http://cffi.readthedocs.io/en/latest/cdef.html#ffi-cdef-limitationsEi5hvT55El.exe, 00000004.00000002.1697376180.00000214BA4B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963Ei5hvT55El.exe, 00000004.00000002.1698820231.00000214BABB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                          high
                                          https://blog.jaraco.com/skeletonEi5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://tools.ietf.org/html/rfc3610Ei5hvT55El.exe, 00000004.00000003.1687103868.00000214BA0F9000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672404416.00000214BA6A0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662217074.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688118236.00000214BA6A3000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671737540.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665375550.00000214BA067000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674729640.00000214BA0F6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672687535.00000214BA0F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            https://github.com/platformdirs/platformdirsEi5hvT55El.exe, 00000004.00000002.1697376180.00000214BA4B0000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671737540.00000214BA5DD000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662987427.00000214BA5CE000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688030565.00000214BA5DE000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1697568052.00000214BA5E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              http://crl.dhimyotis.com/certignarootca.crlEi5hvT55El.exe, 00000004.00000003.1682524694.00000214BB177000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1683925122.00000214BB180000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1699765818.00000214BB180000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                http://curl.haxx.se/rfc/cookie_spec.htmlEi5hvT55El.exe, 00000004.00000003.1664587308.00000214BA8CF000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1699239935.00000214BAF30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  high
                                                  http://ocsp.accv.esEi5hvT55El.exe, 00000004.00000002.1696701460.00000214B9F87000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1678417811.00000214B9F86000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9F21000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674213069.00000214B9F67000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673307262.00000214B9F3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://script.irisstealer.xyz/obtenciondeplaticaxxxxmiakhalifaEi5hvT55El.exe, 00000004.00000002.1699349281.00000214BB074000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1696932113.00000214BA100000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: malware
                                                    unknown
                                                    https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.mdEi5hvT55El.exe, 00000001.00000003.1632455786.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214B9FF6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214BA046000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639563764.00000214B9FEF000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639514365.00000214BA046000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://json.orgEi5hvT55El.exe, 00000004.00000003.1671737540.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677506557.00000214B9F2E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1679801436.00000214BA011000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyEi5hvT55El.exe, 00000004.00000002.1698691028.00000214BA9B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            high
                                                            https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688Ei5hvT55El.exe, 00000004.00000002.1694993572.00000214B9848000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              high
                                                              https://httpbin.org/getEi5hvT55El.exe, 00000004.00000002.1699239935.00000214BAF30000.00000004.00001000.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1696763810.00000214B9FB2000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673732089.00000214B9F23000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1681727117.00000214BA99F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665492833.00000214BA98C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1687414270.00000214B9FB1000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674213069.00000214B9F67000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677470433.00000214BA909000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685062716.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9FA8000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688742582.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677506557.00000214B9F2E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1676291573.00000214BA99E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673307262.00000214B9F3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-accessEi5hvT55El.exe, 00000004.00000003.1677408699.00000214B9F24000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1692086959.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9F21000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214B9FF6000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1675829190.00000214B9F23000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673732089.00000214B9F23000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1640113703.00000214BA046000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1640200711.00000214B9F27000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639563764.00000214B9FEF000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685062716.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688742582.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677506557.00000214B9F2E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639514365.00000214BA046000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://wwww.certigna.fr/autorites/0mEi5hvT55El.exe, 00000004.00000003.1682524694.00000214BB177000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1683925122.00000214BB180000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1682863107.00000214BB189000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1699765818.00000214BB180000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1682631715.00000214BB181000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1699817683.00000214BB18C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://github.com/pypa/wheelEi5hvT55El.exe, 00000001.00000003.1632455786.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://www.python.org/dev/peps/pep-0427/Ei5hvT55El.exe, 00000001.00000003.1632455786.000002DC85E56000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerEi5hvT55El.exe, 00000004.00000003.1636465845.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685296224.00000214B7AAA000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639378957.00000214B7A90000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672726688.00000214B7A8A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671932653.00000214B7A54000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636214500.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672450598.00000214B7A89000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636214500.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1694571856.00000214B7AAC000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1637643066.00000214B7AB0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636465845.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://foo/bar.tgzEi5hvT55El.exe, 00000004.00000002.1697021139.00000214BA200000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://www.accv.es/legislacion_c.htm5Ei5hvT55El.exe, 00000004.00000003.1672823232.00000214BA61F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674890755.00000214BA61F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671737540.00000214BA61F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1686901965.00000214BA61F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1684062319.00000214BA61F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1691625523.00000214BA620000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://httpbin.org/Ei5hvT55El.exe, 00000004.00000003.1685412227.00000214BA6BD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://wwww.certigna.fr/autorites/Ei5hvT55El.exe, 00000004.00000003.1683023234.00000214BB168000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1683163107.00000214BB16C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1682770286.00000214BB161000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gzEi5hvT55El.exe, 00000004.00000002.1697467468.00000214BA5B0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1662987427.00000214BA5CE000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1642089219.00000214BA5BE000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1642089219.00000214BA601000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://docs.python.org/3/reference/import.html#finders-and-loadersEi5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                                                                      high
                                                                                      https://img.shields.io/badge/skeleton-2024-informationalEi5hvT55El.exe, 00000001.00000003.1631648444.000002DC85E56000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                                                                        high
                                                                                        http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535Ei5hvT55El.exe, 00000004.00000003.1688447052.00000214BA7EB000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1698246767.00000214BA81F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1684482653.00000214BA797000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674121357.00000214BA76E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1684337416.00000214BA793000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA66F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA704000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1684933675.00000214BA711000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1689578247.00000214BA81C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1676115328.00000214BA790000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1687916946.00000214BA7CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syEi5hvT55El.exe, 00000004.00000003.1636465845.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685296224.00000214B7AAA000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1639378957.00000214B7A90000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672726688.00000214B7A8A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671932653.00000214B7A54000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636214500.00000214B7AD4000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672450598.00000214B7A89000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636214500.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1694571856.00000214B7AAC000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1637643066.00000214B7AB0000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1636465845.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1635899270.00000214B7AA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76Ei5hvT55El.exe, 00000004.00000003.1665786319.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677408699.00000214B9F24000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674121357.00000214BA76E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673355897.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1692086959.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9F21000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1675829190.00000214B9F23000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673732089.00000214B9F23000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1685062716.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671563666.00000214BA764000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1688742582.00000214B9F2F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677506557.00000214B9F2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://github.com/pypa/packagingMEI57602Ei5hvT55El.exe, 00000004.00000002.1697259290.00000214BA3B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://crl.securetrust.com/STCA.crlEi5hvT55El.exe, 00000004.00000003.1671374371.00000214BA98C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665492833.00000214BA98C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1681727117.00000214BA995000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://wwwsearch.sf.net/):Ei5hvT55El.exe, 00000004.00000003.1664587308.00000214BA8CF000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1683287673.00000214BA890000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672296898.00000214BA88E000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1671425216.00000214BA88C000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1664587308.00000214BA884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0Ei5hvT55El.exe, 00000004.00000003.1676229277.00000214BA932000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1683000688.00000214BA95A000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1665492833.00000214BA90B000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000002.1696701460.00000214B9F87000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1678417811.00000214B9F86000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1672044210.00000214B9F21000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1681171069.00000214BA951000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1674213069.00000214B9F67000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1683976648.00000214BA95D000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1677440287.00000214BA94F000.00000004.00000020.00020000.00000000.sdmp, Ei5hvT55El.exe, 00000004.00000003.1673307262.00000214B9F3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                                                                                                      high
                                                                                                                                                                                      No contacted IP infos
                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                      Analysis ID:1578079
                                                                                                                                                                                      Start date and time:2024-12-19 08:40:45 +01:00
                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                      Overall analysis duration:0h 9m 11s
                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                      Report type:full
                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:10
                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                      Technologies:
                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                      Sample name:Ei5hvT55El.exe
                                                                                                                                                                                      renamed because original name is a hash value
                                                                                                                                                                                      Original Sample Name:d162e84ba7fba61543ef898b324ec251.exe
                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                      Classification:mal80.troj.evad.winEXE@6/87@1/0
                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                      • Successful, ratio: 99%
                                                                                                                                                                                      • Number of executed functions: 97
                                                                                                                                                                                      • Number of non-executed functions: 159
                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, conhost.exe
                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 20.190.177.147, 20.190.147.0, 20.190.147.1, 20.190.177.84, 20.190.147.9, 20.190.147.8, 20.190.147.6, 20.190.147.7, 20.42.65.92, 52.182.143.212, 4.245.163.56
                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, slscr.update.microsoft.com, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, blobcollector.events.data.trafficmanager.net, www.tm.lg.prod.aadmsa.akadns.net, umwatson.events.data.microsoft.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                      • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                      No simulations
                                                                                                                                                                                      No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_ARC4.pyd | file.exe | Get hash | malicious | ScreenConnect Tool, Amadey, LummaC Stealer, PureLog Stealer, Vidar, Xmrig | Browse |
 | file.exe | Get hash | malicious | Amadey | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | SecurityUpdate.exe | Get hash | malicious | Unknown | Browse |
 | SnapshotLogExtractor.exe | Get hash | malicious | Unknown | Browse |
C:\Users\user\AppData\Local\Temp\_MEI57602\Cryptodome\Cipher\_Salsa20.pyd | file.exe | Get hash | malicious | ScreenConnect Tool, Amadey, LummaC Stealer, PureLog Stealer, Vidar, Xmrig | Browse |
 | file.exe | Get hash | malicious | Amadey | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | SecurityUpdate.exe | Get hash | malicious | Unknown | Browse |
 | SnapshotLogExtractor.exe | Get hash | malicious | Unknown | Browse |
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                              Entropy (8bit):2.0
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:qn:qn
                                                                                                                                                                                                              MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                                              SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                                              SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                                              SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                                                              Preview:blat
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11264
                                                                                                                                                                                                              Entropy (8bit):4.634028407547307
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:z8MwxTCa5Xv7BelL7u1R/r8qJ7pfpsPG6QEYHGBp5WCmNniHisDJ9UFv4:zTwxTltlelL7urFfUQa5NmYjDLU
                                                                                                                                                                                                              MD5:BA43C9C79B726F52CD3187231E3A780F
                                                                                                                                                                                                              SHA1:EC0538F8F32F3C58CB7430E82C416B44C0B03D12
                                                                                                                                                                                                              SHA-256:7B5E1F955E198278A39B94F6AC18D49CEE21B99C8A951DE722FF99A153162A0B
                                                                                                                                                                                                              SHA-512:A74056F9D853B2F020800D9DB0C1C50AD704E5DBD6B9A0A169E1BCC6299AB02E5D1F6A9C0A4FEBE9E14D8FE3264D836E67ADCD1AD2F1C380FED4A98A48E3F3E3
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                              • Filename: SecurityUpdate.exe, Detection: malicious, Browse
                                                                                                                                                                                                              • Filename: SnapshotLogExtractor.exe, Detection: malicious, Browse
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                              Entropy (8bit):5.010720322611065
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:EUBpDmr37utd9PHv2DznuRGMeS4JUHNDLUYd:mDit6DCVn4WZUW
                                                                                                                                                                                                              MD5:991AA4813AF0ADF95B0DF3F59879E21C
                                                                                                                                                                                                              SHA1:E44DB4901FFBBB9E8001B5B3602E59F6D2CCC9C8
                                                                                                                                                                                                              SHA-256:5B86D84DA033128000D8BC00A237AB07D5FF75078216654C224854BEC0CD6641
                                                                                                                                                                                                              SHA-512:C6A9DB8338330AB45A8522FBEF5B59374176AC4BF2C0BAE6471AA6FA4710B7EFE20E9331BA542FA274D32DE623A0B578A1A048765F000F74B1608FFA05E5C550
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                              • Filename: SecurityUpdate.exe, Detection: malicious, Browse
                                                                                                                                                                                                              • Filename: SnapshotLogExtractor.exe, Detection: malicious, Browse
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13312
                                                                                                                                                                                                              Entropy (8bit):5.030943993303202
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:fhgUBpDmr37utd9PVv2Jnl0Ne3erKr5okiy0Y23RAr2Z9lkNCqDLU/:sDitwJooNiyX2hUA9f0U/
                                                                                                                                                                                                              MD5:43C8516BE2AE73FB625E8496FD181F1C
                                                                                                                                                                                                              SHA1:6D38E8EE6D38759FDBA6558848DA62BB3FB51EC8
                                                                                                                                                                                                              SHA-256:3A1ACFA87110ACE2F8B8F60B03E264F22E2B7E76B53AD98C3B260686B1C27C57
                                                                                                                                                                                                              SHA-512:B8DCD4875EF7759DA1F8B96FC85DAC8910720C8168F09AC52DAF85C637955274093530406BE2A58EF237BFAB8CCDF4F06F96EBA7ADFC4F413CBF0E5A7D447774
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):35840
                                                                                                                                                                                                              Entropy (8bit):6.5985845002689825
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:ZOISQpPUUllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52E0H680xz4e:nLh7JbH1G4sS4j990th9VQFI
                                                                                                                                                                                                              MD5:DACF0299F0ACD196C0B0C35440C9CF78
                                                                                                                                                                                                              SHA1:CFFD37FE04854D60E87058B33CA313F532879BF7
                                                                                                                                                                                                              SHA-256:1199152F31FC5179FD39733B6B7D60B7F4A7269FE28CBC434F87FA53810B305D
                                                                                                                                                                                                              SHA-512:7FFA5A8979F4258968E37540348E62FD22C795981F4AA9A6962DDEC17CEC8265EC7A7FF7EE4A2EBADF4DA35062972E4C7ADF7C8D4031B60AE218872807E092D9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                                                              Entropy (8bit):5.181873142782463
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:9Ee15je/I3TuvPfB1LeLi2jcXdq2QdeJgDZETDRcYcaKAADLU5YUod:992Y6/B1KL4XdQdggDZ8EU5YUm
                                                                                                                                                                                                              MD5:5D1CAEEDC9595EC0A30507C049F215D7
                                                                                                                                                                                                              SHA1:B963E17679A0CB1EFDC388B8218BE7373DE8E6CC
                                                                                                                                                                                                              SHA-256:A5C4143DDFA6C10216E9467A22B792541096E222EFE71C930A5056B917E531A0
                                                                                                                                                                                                              SHA-512:BE8471BE53AFA1EDCAA742B7D1D4222D15D4682BA8E1F8376FC65C46CCC5FE0890D24BBAFB6616F625D5D37A087762317EBAA4AE6518443E644FA01EBC4496E5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                                                              Entropy (8bit):5.400580637932519
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:rEJe0rPeLTuUt4/wgroOCouz7ucc9dJ7oAAokDLU45Gc:3mUGr9n6769laU45
                                                                                                                                                                                                              MD5:4795B16B5E63AEE698E8B601C011F6E6
                                                                                                                                                                                                              SHA1:4AA74966B5737A818B168DA991472380FE63AD3E
                                                                                                                                                                                                              SHA-256:78DB7D57C23AC96F5D56E90CFB0FBB2E10DE7C6AF48088354AA374709F1A1087
                                                                                                                                                                                                              SHA-512:73716040ECF217E41A34FADEA6046D802982F2B01D0133BFD5C215499C84CB6D386AF81235CA21592722F57EA31543D35B859BE2AF1972F347C93A72131C06C2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                              Entropy (8bit):6.159203027693185
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:iUpJ7Grjup/vx81AguKUiZA3OkJYkO8d3KobfoHJAyZJg8D0KThxA+rAQE+tnJi8:I2XKAs3ZArTvHbgpJgLa0Mp83xhUoz
                                                                                                                                                                                                              MD5:9F33973B19B84A288DF7918346CEC5E4
                                                                                                                                                                                                              SHA1:A646146337225D3FA064DE4B15BF7D5C35CE5338
                                                                                                                                                                                                              SHA-256:DC86A67CFF9CB3CC763AAAB2D357EC6DBC0616A5DFC16EBE214E8E2C04242737
                                                                                                                                                                                                              SHA-512:D7FFA4A640EBD2C9121DBD1BA107B5D76C0385524C4F53DE6FDA1BB0EC16541CEF1981F7E1DAA84F289D4A7D566B0620690AF97AF47F528BBF5B2CD6E49FE90C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):24576
                                                                                                                                                                                                              Entropy (8bit):6.493034619151615
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:pksGDsFSQkHUleKaZXmrfXA+UA10ol31tuXOQkUdT:kTK0K4XmrXA+NNxW+Ud
                                                                                                                                                                                                              MD5:89D4B1FC3A62B4A739571855F22E0C18
                                                                                                                                                                                                              SHA1:F0F6A893A263EEEB00408F5F87DC9ABB3D3259A6
                                                                                                                                                                                                              SHA-256:3832F95FE55D1B4DA223DF5438414F03F18D5EF4AAFD285357A81E4ED5AD5DA1
                                                                                                                                                                                                              SHA-512:20C713564C0658FD7A26F56BF629B80FCB4E7F785E66A00163933D57C8E5A344F6B0476F7395A6D8A526D78A60C85884CEFF6B3F812A8EE07E224C9E91F878C1
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                              Entropy (8bit):4.700268562557766
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:zh05p7mr3Tutd9PUv2anKfI1ve86rYDLUa:tD6t/GKfevTTUa
                                                                                                                                                                                                              MD5:73DD025BFA3CFB38E5DAAD0ED9914679
                                                                                                                                                                                                              SHA1:65D141331E8629293146D3398A2F76C52301D682
                                                                                                                                                                                                              SHA-256:C89F3C0B89CFEE35583D6C470D378DA0AF455EBD9549BE341B4179D342353641
                                                                                                                                                                                                              SHA-512:20569F672F3F2E6439AFD714F179A590328A1F9C40C6BC0DC6FCAD7581BC620A877282BAF7EC7F16AAA79724BA2165F71D79AA5919C8D23214BBD39611C23AED
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13312
                                                                                                                                                                                                              Entropy (8bit):4.99372428436515
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:Dardk3qQb3GukBPZCLfSQl+x5DLUzbgd6:dNzFkHCLKUzbO
                                                                                                                                                                                                              MD5:E87AAC7F2A9BF57D6796E5302626EE2F
                                                                                                                                                                                                              SHA1:4B633501E76E96C8859436445F38240F877FC6C6
                                                                                                                                                                                                              SHA-256:97BF9E392D6AD9E1EC94237407887EA3D1DEC2D23978891A8174C03AF606FD34
                                                                                                                                                                                                              SHA-512:108663F0700D9E30E259A62C1AE35B23F5F2ABD0EFF00523AAE171D1DB803DA99488C7395AFD3AD54A242F0CB2C66A60E6904D3E3F75BB1193621FD65DF4AD5C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                                                              Entropy (8bit):5.274628449067808
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:ktVGzeoI3DuzPpcAdXdO57EEE/quBiFElcUNIDLUnF6+ud:nNYqFcAdXdDqurIUnUp
                                                                                                                                                                                                              MD5:F3F30D72D6D7F4BA94B3C1A9364F1831
                                                                                                                                                                                                              SHA1:46705C3A35C84BF15CF434E2607BDDD18991E138
                                                                                                                                                                                                              SHA-256:7820395C44EAB26DE0312DFC5D08A9A27398F0CAA80D8F9A88DEE804880996FF
                                                                                                                                                                                                              SHA-512:01C5EA300A7458EFE1B209C56A826DF0BF3D6FF4DD512F169D6AEE9D540600510C3249866BFB991975CA5E41C77107123E480EDA4D55ECCB88ED22399EE57912
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):56832
                                                                                                                                                                                                              Entropy (8bit):4.23001088085281
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:m3gj0/sz71dv/ZHkVnYcZiGKdZHDLIK4vnKAnKorZOzUbq+K9:7jssHZHTr4vZHb69
                                                                                                                                                                                                              MD5:020A1E1673A56AF5B93C16B0D312EF50
                                                                                                                                                                                                              SHA1:F69C1BB224D30F54E4555F71EA8CAD4ACB5D39BC
                                                                                                                                                                                                              SHA-256:290B3ED6151B7BF8B7B227EF76879838294F7FF138AF68E083C2FDDC0A50E4FC
                                                                                                                                                                                                              SHA-512:71B5ED33B51F112896BB59D39B02010B3ABC02B3032BD17E2AA084807492DA71BDE8F12ADEF72C6CC0A5A52D783CD7595EEC906C394A21327ADAB2927E853B1F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):57344
                                                                                                                                                                                                              Entropy (8bit):4.2510443883540265
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:wVgj0/sKzNweVC/ZHkNnYcZiGKdZHDLaK0vnKAnKLrZVwUbqeo:njsskKZHLR0vZmbx
                                                                                                                                                                                                              MD5:EC55478B5DD99BBE1EBA9D6AD8BDE079
                                                                                                                                                                                                              SHA1:EC730D05FEEC83B1D72784C2265DC2E2CF67C963
                                                                                                                                                                                                              SHA-256:1AF46CBE209E3F1D30CCC0BA9F7E5A455554CAF8B1E3E42F9A93A097D9F435AC
                                                                                                                                                                                                              SHA-512:55FE28E839117A19DF31165FEA3DED3F9DFC0DDA16B437CF274174E9AE476C0E5B869FFB8B2CF1880189BFAC3917E8D7078FA44FC96CFF18DC6EAC7AFA7A8F48
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                              Entropy (8bit):4.689882120894326
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:5D8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6QxmFWymc3doBKumsLVsDJ9UKvL:lTdJTlDmNelrzuLFf0Qg4yxlumQCDLU
                                                                                                                                                                                                              MD5:93DA52E6CE73E0C1FC14F7B24DCF4B45
                                                                                                                                                                                                              SHA1:0961CFB91BBCEE3462954996C422E1A9302A690B
                                                                                                                                                                                                              SHA-256:DDD427C76F29EDD559425B31EEE54EB5B1BDD567219BA5023254EFDE6591FAA0
                                                                                                                                                                                                              SHA-512:49202A13D260473D3281BF7CA375AC1766189B6936C4AA03F524081CC573EE98D236AA9C736BA674ADE876B7E29AE9891AF50F1A72C49850BB21186F84A3C3AB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):21504
                                                                                                                                                                                                              Entropy (8bit):6.2360102418962855
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:42XHEtPwbdvIbwKBBEHYpJgLa0Mp8u9sLgU:jHMobBiB+HqgLa1Kx
                                                                                                                                                                                                              MD5:3D34E2789682844E8B5A06BE3B1C81BF
                                                                                                                                                                                                              SHA1:0141D82B4B604E08E620E63B8257FB6A1E210CAF
                                                                                                                                                                                                              SHA-256:40B1A6F1318C565E985AFFB8DF304991E908AB1C36C8E960E7AC177E3002FCA0
                                                                                                                                                                                                              SHA-512:886780D6CE3F2955C8FAC38F75DC3A2E017F68ED8FCC75BAA6D74A5E4018CFBF2B99F59D0DBFA5D2728EB1AD7F3F8FE54F0AD3F29D74AFC43E2CDC1A21F889C4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):17920
                                                                                                                                                                                                              Entropy (8bit):5.285518610964193
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:txQrFBe/i+/puqeXOv3oTezczeO9p9iYDWYLJzUn:Q5B8txuqeXOfoTezcSO9pUY1JY
                                                                                                                                                                                                              MD5:194D1F38FAB24A3847A0B22A120D635B
                                                                                                                                                                                                              SHA1:A96A9DF4794CDA21E845AAFE2D5ACD5A40A9C865
                                                                                                                                                                                                              SHA-256:FCC68F211C6D2604E8F93E28A3065F6E40F1E044C34D33CC8349EB3873559A0C
                                                                                                                                                                                                              SHA-512:07324B03B7DD804090B00BC62C41162FD1788AE3C8450BCA25D63BF254009D04A7ACDF7ACFAF473A3D1BE1FA58B0007FA35D8E486F90C9B48384C035C83B0CCF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                              Entropy (8bit):4.696064367032408
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:V05p7mr3Tutd9PUv22NeLfPI5k3bo7tDLUan:tD6t/N4a3bEZUan
                                                                                                                                                                                                              MD5:0628DC6D83F4A9DDDB0552BD0CC9B54C
                                                                                                                                                                                                              SHA1:C73F990B84A126A05F1D32D509B6361DCA80BC93
                                                                                                                                                                                                              SHA-256:F136B963B5CEB60B0F58127A925D68F04C1C8A946970E10C4ABC3C45A1942BC7
                                                                                                                                                                                                              SHA-512:78D005A2FEC5D1C67FC2B64936161026F9A0B1756862BAF51EAF14EDEE7739F915D059814C8D6F66797F84A28071C46B567F3392DAF4FF7FCDFA94220C965C1A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):14336
                                                                                                                                                                                                              Entropy (8bit):5.219784380683583
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:305p7mr3Tutd9Pwv2e42bF7i+V2rQnjt1wmg9jN+mp23XDLUk:rD6tTephi+AojO9jbQHUk
                                                                                                                                                                                                              MD5:59F65C1AD53526840893980B52CD0497
                                                                                                                                                                                                              SHA1:E675A09577C75D877CB1305E60EB3D03A4051B73
                                                                                                                                                                                                              SHA-256:2DF02E84CFD77E91D73B3551BDDA868277F8AE38B262FA44528E87208D0B50FC
                                                                                                                                                                                                              SHA-512:5E9782793A8BB6437D718A36862C13CDE5E7E3780E6F3E82C01F7B2F83EBBDB63F66B3C988FA8DEF36077F17FA1F6C2C77A82FABBD7C17D1568E7CEA19E7EDD6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                              Entropy (8bit):5.171175600505211
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:O05p7mr3Tutd9Pwv2aKbxdcgatX1WmkaA09L9kDLUhX:MD6tTZgtX15kanYU
                                                                                                                                                                                                              MD5:4D8230D64493CE217853B4D3B6768674
                                                                                                                                                                                                              SHA1:C845366E7C02A2402BA00B9B6735E1FAD3F2F1EF
                                                                                                                                                                                                              SHA-256:06885DC99A7621BA3BE3B28CB4BCF972549E23ACF62A710F6D6C580AABA1F25A
                                                                                                                                                                                                              SHA-512:C32D5987A0B1DED7211545CB7D3D7482657CA7D74A9083D37A33F65BBE2E7E075CB52EFAEEA00F1840AB8F0BAF7DF1466A4F4E880ABF9650A709814BCEE2F945
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                              Entropy (8bit):5.171087190344686
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:ajJzPAI2p3C2p+EhKnLg9yH8puzoFaPERIQAVqYU:GITp3pp+EhmLg9yH8puzoFaPERIQp
                                                                                                                                                                                                              MD5:4B4831FCFCA23CEBEC872CCCCE8C3CE1
                                                                                                                                                                                                              SHA1:9CA26A95C31E679B0D4CFEDEACEA38334B29B3F3
                                                                                                                                                                                                              SHA-256:75250C7B7EE9F7F944D9C23161D61FE80D59572180A30629C97D1867ECF32093
                                                                                                                                                                                                              SHA-512:7218D67A78EBC76D1AA23AEDDF7B7D209A9E65D4A50FD57F07680953BDF40E42B33D3D6388119B54E3948DA433D0F895BCC0F98E6D1AF4B9821AEFE2300C7EA0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                              Entropy (8bit):5.0894476079532565
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:ZE4+jfKIb3gudUPpwVp1sAD7I/9hAkeTOre5QDLU+db:CjJzPQwVp1sAD7KvpUv5uUob
                                                                                                                                                                                                              MD5:642B9CCEA6E2D6F610D209DC3AACF281
                                                                                                                                                                                                              SHA1:8F816AA1D94F085E2FE30A14B4247410910DA8F9
                                                                                                                                                                                                              SHA-256:E5DFB0A60E0E372AE1FF4D0E3F01B22E56408F0F9B04C610ECEF2A5847D6D879
                                                                                                                                                                                                              SHA-512:A728E2F6264A805CE208FEB24600D23EC04C7D17481A39B01F90E47D82CF6C369D6151BB4170D993BE98CEFE8E6BDF2044CF0DC623BAE662C5584812875FC3B8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                                                              Entropy (8bit):5.432796797907171
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:N9FZ/KFjb3OuTPU84At56BTBvzcuiDSjeoGIQUPTrLFDLUEPLdN:/wztA8Tt5OwuiDSyoGPmXdUEPB
                                                                                                                                                                                                              MD5:180017650B62058058CB81B53540A9BF
                                                                                                                                                                                                              SHA1:696EECA75621B75BC07E2982EB66D61A1DFECDB6
                                                                                                                                                                                                              SHA-256:8146110D92B2F50B3EB02557BE6EE4586EEC1A2AD7204B48A4F28B8859FE6E29
                                                                                                                                                                                                              SHA-512:9AD447F0B15639C1FA3300E80EC5B175589930CB9166CF108FAFA74093CE791E1FF55CF6686ABF090A8B44BA6B743FEEBA270F378ED405F15418406AB8D01E9B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                              Entropy (8bit):5.099895592918567
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:s05p7mr3Tutd9Pgv239k9UgPKsVQJukk7+rDLU8:OD6tD3G9tPKsVQJuUDU
                                                                                                                                                                                                              MD5:11F184E124E91BE3EBDF5EAF92FDE408
                                                                                                                                                                                                              SHA1:5B0440A1A2FBD1B21D5AF7D454098A2B7C404864
                                                                                                                                                                                                              SHA-256:F9220CA8A1948734EC753B1ADA5E655DAF138AF76F01A79C14660B2B144C2FAE
                                                                                                                                                                                                              SHA-512:37B3916A5A4E6D7052DDB72D34347F46077BDF1BA1DCF20928B827B3D2C411C612B4E145DFE70F315EA15E8F7F00946D26E4728F339EDDF08C72B4E493C56BC3
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):17920
                                                                                                                                                                                                              Entropy (8bit):5.65813713656815
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:Bj51JwTx7uuj/krY1ZLhGZo2R1J+0eDPSgkNZuOdlptvTLLB5b+vDLUE+Ea:sxQr89hTOJ+0QPSfu6rlZ+/UE+
                                                                                                                                                                                                              MD5:51A01A11848322AC53B07D4D24F97652
                                                                                                                                                                                                              SHA1:141097D0F0F1C5432B1F1A571310BD4266E56A6D
                                                                                                                                                                                                              SHA-256:E549A4FE85759CBFC733ECF190478514B46ECA34EDA2370F523328F6DC976F30
                                                                                                                                                                                                              SHA-512:23281BE77496AF3A6507B610191AF5AA005C974F27129073FD70D51E82A5D3E55FB8C7FF28CF1886B55E264B736AB506EE0D97210E764EB1618C74DE2B44E64A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):21504
                                                                                                                                                                                                              Entropy (8bit):5.882538742896355
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:lRlEGHXgKXqHGcvYHp5RYcARQOj4MSTjqgPmEO2vUk:NdHXgP/YtswvdUk
                                                                                                                                                                                                              MD5:B20D629142A1354BA94033CAC15D7D8C
                                                                                                                                                                                                              SHA1:CD600F33D5BC5FA3E70BDF346A8D0FB935166468
                                                                                                                                                                                                              SHA-256:147CE6747635B374570D3A1D9FCAB5B195F67E99E34C0F59018A3686A07A3917
                                                                                                                                                                                                              SHA-512:72EFD1C653732FB620787B26D0CA44086405A070EC3CD4BBA5445854C5D7DDE6D669060845D093A1FC2593ED6E48630344FA6F0AF685186FB554D8BB9BC97AA0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):21504
                                                                                                                                                                                                              Entropy (8bit):5.88515673373227
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:ARlEGHXiKXqHGcvYHp5RYcARQOj4MSTjqgPmEm9Uk:SdHXiP/YtswvdVk
                                                                                                                                                                                                              MD5:6FF2518A93F7279E8FDAC0CE8DE4BF3F
                                                                                                                                                                                                              SHA1:77F4713D4F287E2950C06A0EF2F8C7C8D53BABDD
                                                                                                                                                                                                              SHA-256:27B4DB005685D8E31E37BD632767D5FFC81818D24B622E3D25B8F08F43E29B57
                                                                                                                                                                                                              SHA-512:26A8448D34F70AF62D702851B8353708FB3A1B984CBDC1D2EABE582CAAD8D56B0A835A4C914EB7824DADCF62E83B84D3A669C06ACAF0E1001EB66F85BC5D0377
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26624
                                                                                                                                                                                                              Entropy (8bit):5.843159039658928
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:2HJh9k54Stui0gel9soFdkO66MlPGXmXcCkyk:2H6Ju/FZ6nPxM6k
                                                                                                                                                                                                              MD5:8B59C61BB3A3ADFBB7B8C39F11B8084B
                                                                                                                                                                                                              SHA1:49595C3F830422FEF88D8FBAF003F32EF25501CE
                                                                                                                                                                                                              SHA-256:FBD9CDD873EAFAD3C03C05FFEB0D67F779C2D191389351FE2D835E7D8ECA534F
                                                                                                                                                                                                              SHA-512:6FEDCC8631723B63D3D8CAD6D57953EB356C53814FD6F1ECA6299E2A5272F67C58090D339B5E6BB1DA15F7BEB451FCC9A41129AB7F578155A17BBE0C1D385AA6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26624
                                                                                                                                                                                                              Entropy (8bit):5.896939915107
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:VxpB9/i4z5tui0gel9soFdkO66MlPGXmXcPtOJkw:Vx11u/FZ6nPxM8k
                                                                                                                                                                                                              MD5:6A84B1C402DB7FE29E991FCA86C3CECF
                                                                                                                                                                                                              SHA1:FC62477E770F4267C58853C92584969B2F0FEBE2
                                                                                                                                                                                                              SHA-256:CF8FD7B6BBC38FE3570B2C610E9C946CD56BE5D193387B9146F09D9B5745F4BC
                                                                                                                                                                                                              SHA-512:B9D1195429E674778A90262E0A438B72224B113B7222535DAA361222DEE049C9929481D6E1138117655EAE9B2735D51638209A6EF07963F5249AD74F0BFD75C6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):12800
                                                                                                                                                                                                              Entropy (8bit):4.957384431518367
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:PUBpDmr37utd9PHv2O3sER2fi2s4DLUgdLl:zDit6O3sa4XUO
                                                                                                                                                                                                              MD5:1D49E6E34FE84C972484B6293CC2F297
                                                                                                                                                                                                              SHA1:3A799DB7102912DA344112712FD2236A099C7F5E
                                                                                                                                                                                                              SHA-256:B2FD9F57815B3F7FFC3365D02510B88DBE74AB1EFF8BE9099DC902412057244D
                                                                                                                                                                                                              SHA-512:CAD8FCC78006D643590C3D784C2DF051B8C448DE457B41507F031C9D7891036AD3F8E00B695D92F5138C250B2426A57C16F7293237054A245FF08B26AD86CF25
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13312
                                                                                                                                                                                                              Entropy (8bit):5.014628606839607
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:lUBpDmr37utd9PVv27c0qKzLF4DHxXUcDLU/:9DitwzvV4DREiU/
                                                                                                                                                                                                              MD5:CDD1A63E9F508D01EEBEE7646A278805
                                                                                                                                                                                                              SHA1:3CB34B17B63F2F61C2FA1B1338D0B94CF9EE67AF
                                                                                                                                                                                                              SHA-256:AB96945D26FEF23EF4B12E1BD5B1841CFECB8B06AB490B436E3F1A977A7F5E8B
                                                                                                                                                                                                              SHA-512:5F136D8EBFE6AC43846C4820FF8A3C81D991FCACC219C23DDD0674E75B930A1A948D02925BCC7BD807F5A68F01F65B35037B8A193143EB552D224E1DD906C158
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                                                              Entropy (8bit):5.243633265407984
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:QUN0iKNb3NuUPyxfFNhoCoK7e+TcBXJ2kMQ75i6nElDLUH:dYz8JpF39oK6+QBXJ2k775NKU
                                                                                                                                                                                                              MD5:57A49AC595084A19516C64079EE1A4C7
                                                                                                                                                                                                              SHA1:4B188D0E9965AB0DA8D9363FC7FEEE737DF81F74
                                                                                                                                                                                                              SHA-256:D7DA3DC02AC4685D3722E5AF63CA1A8857D53454D59CF64C784625D649897D72
                                                                                                                                                                                                              SHA-512:693989D01070835DC9D487C904F012EE5BE72219E1EEAEC56EE3BC35659192714D8F538BEA30F4849B3A3D4BCF24705EDFE84AD2742F6C8562F6C6215F7917BE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                                                              Entropy (8bit):5.253962925838046
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:t39lJPKBb3+ujPH/41fPnVSEsV3+ldpCArU8vOjpDLUFDdA:V9wzdz/afPCV3YdjdvMUFpA
                                                                                                                                                                                                              MD5:C19895CE6ABC5D85F63572308BD2D403
                                                                                                                                                                                                              SHA1:6B444E59112792B59D3BA4F304A30B62EEBD77FA
                                                                                                                                                                                                              SHA-256:1BCA3479A4CC033E8BC3B4DD8DCC531F38E7B7FE650A7DA09120CCAC100D70A4
                                                                                                                                                                                                              SHA-512:D8D493D51DE052F2A0BB18C4CD6F5E15AB5D5CCB3276D38DDA44382746656618560878359D6C95A76B223CBD4B2CD39C817EC7FC3108EED5D541CF4BD95AAA14
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                              Entropy (8bit):5.913715253597897
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:4ea6OoLEx/fpMgEXNSNk/IppSQDLw16UADNIz7Izy+3O3nCpDN+cGJVtV81UpSu8:44OoMpMgqSpz41ht7EOeYcUV4ipwr
                                                                                                                                                                                                              MD5:150F31A18FDCCB30695E8A11B844CB9A
                                                                                                                                                                                                              SHA1:85A333C8A866AAFBF6B3766CED0B7079A2358C42
                                                                                                                                                                                                              SHA-256:D26D543EFC9A6C3D5BA52FFC55965A2C3DBB7E634776EF6C1789E5DF8E4DF3E5
                                                                                                                                                                                                              SHA-512:DDFE93CBE315E060A8F0B3863A1675D8F156BF84F157CD7BCBD7EC57F88C72DD21E6C2A5077A142D828DAD0C40149EE4064C34E6EE26787A8B32D4AC9A18E1CA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                              Entropy (8bit):4.725087774300977
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:N942/KIb3bu95Pp2abc64uVNn4DLUOVdB:FJzCxl464aGUOf
                                                                                                                                                                                                              MD5:66052F3B3D4C48E95377B1B827B959BB
                                                                                                                                                                                                              SHA1:CF3F0F82B87E67D75B42EAAB144AE7677E0C882E
                                                                                                                                                                                                              SHA-256:C9A6A7D7CE0238A8D03BCC1E43FD419C46FAEA3E89053355199DEDF56DADAFA4
                                                                                                                                                                                                              SHA-512:9A7F45CE151890032574ED1EF8F45640E489987DC3AF716E5D7F31127BA3675E1F4C775229184C52D9A3792DF9CB2B3D0D3BE079192C40E900BA0CC69E8E3EE5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):748032
                                                                                                                                                                                                              Entropy (8bit):7.627003962799197
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:b3HtKHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:b3NKHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                              MD5:B96D4854F02D932D9D84DB7CE254C85A
                                                                                                                                                                                                              SHA1:61F8F284EEB65B21A5373DA85270802B9E0ABBF4
                                                                                                                                                                                                              SHA-256:E73BC5D362A1439FD87BF3901D5B2D4534B50E3B935C841F25D3C49BF3D4D7EE
                                                                                                                                                                                                              SHA-512:1FDE226034F48B29143E1B3042FB42C91BE8DE5DDC53B2F2FA3DAB1CCA99FB34AF3A8FB57B0CB5B152943BE156B4521DAE04FB80B08EC04A3F371E30D137297A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                              Entropy (8bit):4.662736103035243
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:5y8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6Q9qHaGi0oYAsDJ9UqvA:0TdJTlDmNelrzuLFf0Qd03DLU
                                                                                                                                                                                                              MD5:E17F1BA35CF28FA1DDA7B1EC29573E0E
                                                                                                                                                                                                              SHA1:6EB63305E38BD75931E3325E0C3F58F7CB3F2AD0
                                                                                                                                                                                                              SHA-256:D37CCB530F177F3E39C05B0CA0A70661B2541CCAF56818DAD4FCF336EEED3321
                                                                                                                                                                                                              SHA-512:8E7AF8712592084178E3B93FE54E60AC32A774D151896AFEE937CDB3BB9F629F4B597F85AF9B56A1C14612121357FC0DDAA45E71D91B13C36E88292D3050A1B9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                              Entropy (8bit):4.620728904455609
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:5Z8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6QgcfPPYdsDJ9UKvb:nTdJTlDmNelrzuLFf0Q5P3DLU
                                                                                                                                                                                                              MD5:3369F9BB8B0EE93E5AD5B201956DC60F
                                                                                                                                                                                                              SHA1:A5B75CBD6CE905A179E49888E798CD6AE9E9194D
                                                                                                                                                                                                              SHA-256:5940E97E687A854E446DC859284A90C64CF6D87912C37172B8823A8C3A7B73DF
                                                                                                                                                                                                              SHA-512:C4E71D683BE64A8E6AB533FA4C1C3040B96D0BE812EA74C99D2D2B5D52470C24B45D55366A7ACB9D8CDA759A618CBAF0D0A7ECFEF4C0954DF89FDB768D9893E2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):98736
                                                                                                                                                                                                              Entropy (8bit):6.474996871326343
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
                                                                                                                                                                                                              MD5:F12681A472B9DD04A812E16096514974
                                                                                                                                                                                                              SHA1:6FD102EB3E0B0E6EEF08118D71F28702D1A9067C
                                                                                                                                                                                                              SHA-256:D66C3B47091CEB3F8D3CC165A43D285AE919211A0C0FCB74491EE574D8D464F8
                                                                                                                                                                                                              SHA-512:7D3ACCBF84DE73FB0C5C0DE812A9ED600D39CD7ED0F99527CA86A57CE63F48765A370E913E3A46FFC2CCD48EE07D823DAFDD157710EEF9E7CC1EB7505DC323A2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):64424
                                                                                                                                                                                                              Entropy (8bit):6.124000794465739
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:r/p7Wh7XUagO7BR4SjavFHx8pIS5nWQ7Sy7o:r/tWhzUahBR4Sjahx8pIS5n5Fo
                                                                                                                                                                                                              MD5:6EB3C9FC8C216CEA8981B12FD41FBDCD
                                                                                                                                                                                                              SHA1:5F3787051F20514BB9E34F9D537D78C06E7A43E6
                                                                                                                                                                                                              SHA-256:3B0661EF2264D6566368B677C732BA062AC4688EF40C22476992A0F9536B0010
                                                                                                                                                                                                              SHA-512:2027707824D0948673443DD54B4F45BC44680C05C3C4A193C7C1803A1030124AD6C8FBE685CC7AAF15668D90C4CD9BFB93DE51EA8DB4AF5ABE742C1EF2DCD08B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):83368
                                                                                                                                                                                                              Entropy (8bit):6.530099411242372
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:asRz7qNFcaO6ViD4fhaLRFc/a8kd7jzWHCxIStVs7Sywk:9RzGYYhaY9kd7jzWixIStVs+k
                                                                                                                                                                                                              MD5:A4B636201605067B676CC43784AE5570
                                                                                                                                                                                                              SHA1:E9F49D0FC75F25743D04CE23C496EB5F89E72A9A
                                                                                                                                                                                                              SHA-256:F178E29921C04FB68CC08B1E5D1181E5DF8CE1DE38A968778E27990F4A69973C
                                                                                                                                                                                                              SHA-512:02096BC36C7A9ECFA1712FE738B5EF8B78C6964E0E363136166657C153727B870A6A44C1E1EC9B81289D1AA0AF9C85F1A37B95B667103EDC2D3916280B6A9488
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):178176
                                                                                                                                                                                                              Entropy (8bit):6.160618368535074
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:a28mc0wlApJaPh2dEVWkS0EDejc2zSTBcS7EkSTLkKDtJbtb:axTlApohBV1S0usWchkSTLLDDt
                                                                                                                                                                                                              MD5:2BAAA98B744915339AE6C016B17C3763
                                                                                                                                                                                                              SHA1:483C11673B73698F20CA2FF0748628C789B4DC68
                                                                                                                                                                                                              SHA-256:4F1CE205C2BE986C9D38B951B6BCB6045EB363E06DACC069A41941F80BE9068C
                                                                                                                                                                                                              SHA-512:2AE8DF6E764C0813A4C9F7AC5A08E045B44DAAC551E8FF5F8AA83286BE96AA0714D373B8D58E6D3AA4B821786A919505B74F118013D9FCD1EBC5A9E4876C2B5F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):122792
                                                                                                                                                                                                              Entropy (8bit):6.021506515932983
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:bsQx9bm+edYe3ehG+20t7MqfrSW08UficVISQPkFPR:QQxCOhGB0tgqfrSiUficrZ
                                                                                                                                                                                                              MD5:87596DB63925DBFE4D5F0F36394D7AB0
                                                                                                                                                                                                              SHA1:AD1DD48BBC078FE0A2354C28CB33F92A7E64907E
                                                                                                                                                                                                              SHA-256:92D7954D9099762D81C1AE2836C11B6BA58C1883FDE8EEEFE387CC93F2F6AFB4
                                                                                                                                                                                                              SHA-512:E6D63E6FE1C3BD79F1E39CB09B6F56589F0EE80FD4F4638002FE026752BFA65457982ADBEF13150FA2F36E68771262D9378971023E07A75D710026ED37E83D7B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):250280
                                                                                                                                                                                                              Entropy (8bit):6.547354352688139
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:TogRj7JKM8c7N6FiFUGMKa3xB6Dhj9qWMa3pLW1A64WsqC:tPJKa7N6FEa3x4NlbqC
                                                                                                                                                                                                              MD5:10F7B96C666F332EC512EDADE873EECB
                                                                                                                                                                                                              SHA1:4F511C030D4517552979105A8BB8CCCF3A56FCEA
                                                                                                                                                                                                              SHA-256:6314C99A3EFA15307E7BDBE18C0B49BC841C734F42923A0B44AAB42ED7D4A62D
                                                                                                                                                                                                              SHA-512:CFE5538E3BECBC3AA5540C627AF7BF13AD8F5C160B581A304D1510E0CB2876D49801DF76916DCDA6B7E0654CE145BB66D6E31BD6174524AE681D5F2B49088419
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):61864
                                                                                                                                                                                                              Entropy (8bit):6.210920109899827
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:aSz5iGzcowlJF+aSe3kuKUZgL4dqDswE9+B1fpIS5IHYiSyvc9eEdB:npWlJF+aYupZbdqDOgB1fpIS5IH7Sy+V
                                                                                                                                                                                                              MD5:49CE7A28E1C0EB65A9A583A6BA44FA3B
                                                                                                                                                                                                              SHA1:DCFBEE380E7D6C88128A807F381A831B6A752F10
                                                                                                                                                                                                              SHA-256:1BE5CFD06A782B2AE8E4629D9D035CBC487074E8F63B9773C85E317BE29C0430
                                                                                                                                                                                                              SHA-512:CF1F96D6D61ECB2997BB541E9EDA7082EF4A445D3DD411CE6FD71B0DFE672F4DFADDF36AE0FB7D5F6D1345FBD90C19961A8F35328332CDAA232F322C0BF9A1F9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):158120
                                                                                                                                                                                                              Entropy (8bit):6.838169661977938
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:MeORg8tdLRrHn5Xp4znfI9mNoY6JCvyPZxsyTxISe1KmDd:M/Rgo1L5wwYOY6MixJKR
                                                                                                                                                                                                              MD5:B5FBC034AD7C70A2AD1EB34D08B36CF8
                                                                                                                                                                                                              SHA1:4EFE3F21BE36095673D949CCEAC928E11522B29C
                                                                                                                                                                                                              SHA-256:80A6EBE46F43FFA93BBDBFC83E67D6F44A44055DE1439B06E4DD2983CB243DF6
                                                                                                                                                                                                              SHA-512:E7185DA748502B645030C96D3345D75814BA5FD95A997C2D1C923D981C44D5B90DB64FAF77DDBBDC805769AF1BEC37DAF0ECEE0930A248B67A1C2D92B59C250C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):33192
                                                                                                                                                                                                              Entropy (8bit):6.3186201273933635
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:Y3I65wgJ5xeSZg2edRnJ8ZISRtczYiSyvZCeEdP:gIgJ5Uqg2edRJ8ZISRtcz7Sy0b
                                                                                                                                                                                                              MD5:71AC323C9F6E8A174F1B308B8C036E88
                                                                                                                                                                                                              SHA1:0521DF96B0D622544638C1903D32B1AFF1F186B0
                                                                                                                                                                                                              SHA-256:BE8269C83666EAA342788E62085A3DB28F81512D2CFA6156BF137B13EBEBE9E0
                                                                                                                                                                                                              SHA-512:014D73846F06E9608525A4B737B7FCCBE2123D0E8EB17301244B9C1829498328F7BC839CC45A1563CF066668EA6E0C4E3A5A0821AB05C999A97C20AA669E9EDA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):48552
                                                                                                                                                                                                              Entropy (8bit):6.319402195167259
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:9i4KJKYCKlBj7gKxwfZQ7ZlYXF1SVMHE4ftISstDYiSyvM+eEd2:hKJfBuAA1SVWBftISstD7Syti
                                                                                                                                                                                                              MD5:7E6BD435C918E7C34336C7434404EEDF
                                                                                                                                                                                                              SHA1:F3A749AD1D7513EC41066AB143F97FA4D07559E1
                                                                                                                                                                                                              SHA-256:0606A0C5C4AB46C4A25DED5A2772E672016CAC574503681841800F9059AF21C4
                                                                                                                                                                                                              SHA-512:C8BF4B1EC6C8FA09C299A8418EE38CDCCB04AFA3A3C2E6D92625DBC2DE41F81DD0DF200FD37FCC41909C2851AC5CA936AF632307115B9AC31EC020D9ED63F157
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1164800
                                                                                                                                                                                                              Entropy (8bit):7.05748889255336
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24576:8RgySc2phTzucZzdcZ7fUoPTS4ObanoVen42fw5I:BySc2ptScvkosfcI
                                                                                                                                                                                                              MD5:E4761848102A6902B8E38F3116A91A41
                                                                                                                                                                                                              SHA1:C262973E26BD9D8549D4A9ABF4B7AE0CA4DB75F0
                                                                                                                                                                                                              SHA-256:9D03619721C887413315BD674DAE694FBD70EF575EB0138F461A34E2DD98A5FD
                                                                                                                                                                                                              SHA-512:A148640AA6F4B4EF3AE37922D8A11F4DEF9ECFD595438B9A36B1BE0810BFB36ABF0E01BEE0AA79712AF0D70CDDCE928C0DF5057C0418C4ED0D733C6193761E82
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):30632
                                                                                                                                                                                                              Entropy (8bit):6.41055734058478
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:lez/Dt36r34krA4eVIS7UAYiSyvAEYeEdSiD:leDE34krA4eVIS7UA7Sy9YLD
                                                                                                                                                                                                              MD5:23F4BECF6A1DF36AEE468BB0949AC2BC
                                                                                                                                                                                                              SHA1:A0E027D79A281981F97343F2D0E7322B9FE9B441
                                                                                                                                                                                                              SHA-256:09C5FAF270FD63BDE6C45CC53B05160262C7CA47D4C37825ED3E15D479DAEE66
                                                                                                                                                                                                              SHA-512:3EE5B3B7583BE1408C0E1E1C885512445A7E47A69FF874508E8F0A00A66A40A0E828CE33E6F30DDC3AC518D69E4BB96C8B36011FB4EDEDF9A9630EF98A14893B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):77736
                                                                                                                                                                                                              Entropy (8bit):6.247935524153974
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:C6DucXZAuj19/s+S+pjtk/DDTaVISQwn7SyML:C6DPXSuj19/sT+ppk/XWVISQwneL
                                                                                                                                                                                                              MD5:E137DF498C120D6AC64EA1281BCAB600
                                                                                                                                                                                                              SHA1:B515E09868E9023D43991A05C113B2B662183CFE
                                                                                                                                                                                                              SHA-256:8046BF64E463D5AA38D13525891156131CF997C2E6CDF47527BC352F00F5C90A
                                                                                                                                                                                                              SHA-512:CC2772D282B81873AA7C5CBA5939D232CCEB6BE0908B211EDB18C25A17CBDB5072F102C0D6B7BC9B6B2F1F787B56AB1BC9BE731BB9E98885C17E26A09C2BEB90
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):97704
                                                                                                                                                                                                              Entropy (8bit):6.173518585387285
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:GzgMWYDOavuvwYXGqijQaIrlIaiP9NbTp9c4L7ZJkyDpIS5Qux7Syce:NFYqDPSQaIrlI/DbLc2tJkyDpIS5QuxZ
                                                                                                                                                                                                              MD5:7F61EACBBBA2ECF6BF4ACF498FA52CE1
                                                                                                                                                                                                              SHA1:3174913F971D031929C310B5E51872597D613606
                                                                                                                                                                                                              SHA-256:85DE6D0B08B5CC1F2C3225C07338C76E1CAB43B4DE66619824F7B06CB2284C9E
                                                                                                                                                                                                              SHA-512:A5F6F830C7A5FADC3349B42DB0F3DA1FDDB160D7E488EA175BF9BE4732A18E277D2978720C0E294107526561A7011FADAB992C555D93E77D4411528E7C4E695A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):159144
                                                                                                                                                                                                              Entropy (8bit):6.002098953253968
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:UhIDGtzShE3z/JHPUE0uev5J2oE/wu3rE923+nuI5Piev9muxISt710Y:UhIqtzShE3zhvyue5EMnuaF9mu3
                                                                                                                                                                                                              MD5:35F66AD429CD636BCAD858238C596828
                                                                                                                                                                                                              SHA1:AD4534A266F77A9CDCE7B97818531CE20364CB65
                                                                                                                                                                                                              SHA-256:58B772B53BFE898513C0EB264AE4FA47ED3D8F256BC8F70202356D20F9ECB6DC
                                                                                                                                                                                                              SHA-512:1CCA8E6C3A21A8B05CC7518BD62C4E3F57937910F2A310E00F13F60F6A94728EF2004A2F4A3D133755139C3A45B252E6DB76987B6B78BC8269A21AD5890356AD
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                              Entropy (8bit):4.922363545317259
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:i+LZ/rJjFTo6VB8rEn/sDWBPKLNmZRsYnGcyLtjNXG:ievLVL/sqBd+lFlG
                                                                                                                                                                                                              MD5:5BDD23970D9AEBCA8838C0562336A1CF
                                                                                                                                                                                                              SHA1:B256A34C95A5CB99DBC880F522266E59E71BB701
                                                                                                                                                                                                              SHA-256:12434F2FE3EF83859DE5E74B0C51407770FFCD4A9219044532804B32E38308FD
                                                                                                                                                                                                              SHA-512:15E29261C6676ABBACE771BAF248F06A2319CA721046F6788EE5E331C51A75CBE44B2A24F15EC32F0A371D525AA40E439BF0074E5D68D4657BF038114379E7B0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):831926
                                                                                                                                                                                                              Entropy (8bit):5.700496388184754
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:4EHYKPY+WygVqFcIW6A4a2YCdbVwxDfpEn4jSRMNwW:4EHYMVgyLa2JVwxDfpEn4GMNwW
                                                                                                                                                                                                              MD5:6CFF73092664831CA9277C6797993C47
                                                                                                                                                                                                              SHA1:62D17F2BF5785149DF53B5ADBAECC3579A24CFBE
                                                                                                                                                                                                              SHA-256:A8BE7CE0F18A2E14DADB3FE6CC41EC2962DCE172F4CB4DF4535FF0EC47AEE79D
                                                                                                                                                                                                              SHA-512:457211A957656B845AE6E5A34E567C7E33DBB67F6AED9A9C15937F3B39922A2A4BDC70378269C1908FC141EB34ADAA70A0B133BA42BF6498F9E41CE372F3F3CA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):299427
                                                                                                                                                                                                              Entropy (8bit):6.047872935262006
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                              MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                              SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                              SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                              SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                                                              Entropy (8bit):4.82516630102953
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:700fK74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFOCQAASmHcX6g8H4ao:QFCk2z1/t12iwU5usJFqCyVcqgg
                                                                                                                                                                                                              MD5:F4F7F634791F26FC62973350D5F89D9A
                                                                                                                                                                                                              SHA1:6BE643BD21C74ED055B5A1B939B1F64B055D4673
                                                                                                                                                                                                              SHA-256:45A043C4B7C6556F2ACFC827F2FF379365088C3479E8EE80C7F0A2CEB858DCC6
                                                                                                                                                                                                              SHA-512:4325807865A76427D05039A2922F853287D420BCEBDA81F63A95BF58502E7DA0489060C4B6F6FFD65AA294E1E1C1F64560ADD5F024355922103C88B2CF1FD79B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):122368
                                                                                                                                                                                                              Entropy (8bit):5.903697891709302
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:5ewkbk74PoxchHGTm/SCtg5MbfFPjPNoSLn2dkp2A/2pQKP:5endPox6HGTOLtg6bfFhDLkkCpQK
                                                                                                                                                                                                              MD5:47EE4516407B6DE6593A4996C3AE35E0
                                                                                                                                                                                                              SHA1:293224606B31E45B10FB67E997420844AE3FE904
                                                                                                                                                                                                              SHA-256:F646C3B72B5E7C085A66B4844B5AD7A9A4511D61B2D74153479B32C7AE0B1A4C
                                                                                                                                                                                                              SHA-512:EFA245C6DB2AEE2D9DB7F99E33339420E54F371A17AF0CF7694DAF51D45AEBFBAC91FC52DDB7C53E9FC73B43C67D8D0A2CAA15104318E392C8987A0DAD647B81
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:pip.
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11358
                                                                                                                                                                                                              Entropy (8bit):4.4267168336581415
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                                              MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                                              SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                                              SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                                              SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4648
                                                                                                                                                                                                              Entropy (8bit):5.006900644756252
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
                                                                                                                                                                                                              MD5:98ABEAACC0E0E4FC385DFF67B607071A
                                                                                                                                                                                                              SHA1:E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
                                                                                                                                                                                                              SHA-256:6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
                                                                                                                                                                                                              SHA-512:F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2518
                                                                                                                                                                                                              Entropy (8bit):5.6307766747793275
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
                                                                                                                                                                                                              MD5:EB513CAFA5226DDA7D54AFDCC9AD8A74
                                                                                                                                                                                                              SHA1:B394C7AEC158350BAF676AE3197BEF4D7158B31C
                                                                                                                                                                                                              SHA-256:0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
                                                                                                                                                                                                              SHA-512:A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):91
                                                                                                                                                                                                              Entropy (8bit):4.687870576189661
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
                                                                                                                                                                                                              MD5:7D09837492494019EA51F4E97823D79F
                                                                                                                                                                                                              SHA1:7829B4324BB542799494131A270EC3BDAD4DEDEF
                                                                                                                                                                                                              SHA-256:9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
                                                                                                                                                                                                              SHA-512:A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19
                                                                                                                                                                                                              Entropy (8bit):3.536886723742169
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:JSej0EBERG:50o4G
                                                                                                                                                                                                              MD5:A24465F7850BA59507BF86D89165525C
                                                                                                                                                                                                              SHA1:4E61F9264DE74783B5924249BCFE1B06F178B9AD
                                                                                                                                                                                                              SHA-256:08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
                                                                                                                                                                                                              SHA-512:ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:importlib_metadata.
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text, with very long lines (888)
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1335
                                                                                                                                                                                                              Entropy (8bit):4.226823573023539
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
                                                                                                                                                                                                              MD5:4CE7501F6608F6CE4011D627979E1AE4
                                                                                                                                                                                                              SHA1:78363672264D9CD3F72D5C1D3665E1657B1A5071
                                                                                                                                                                                                              SHA-256:37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
                                                                                                                                                                                                              SHA-512:A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3439512
                                                                                                                                                                                                              Entropy (8bit):6.096012359425593
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:98304:kw+jlHDGV+EafwAlViBksm1CPwDv3uFfJ1:1slHDG2fwAriXm1CPwDv3uFfJ1
                                                                                                                                                                                                              MD5:AB01C808BED8164133E5279595437D3D
                                                                                                                                                                                                              SHA1:0F512756A8DB22576EC2E20CF0CAFEC7786FB12B
                                                                                                                                                                                                              SHA-256:9C0A0A11629CCED6A064932E95A0158EE936739D75A56338702FED97CB0BAD55
                                                                                                                                                                                                              SHA-512:4043CDA02F6950ABDC47413CFD8A0BA5C462F16BCD4F339F9F5A690823F4D0916478CAB5CAE81A3D5B03A8A196E17A716B06AFEE3F92DEC3102E3BBC674774F2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):32792
                                                                                                                                                                                                              Entropy (8bit):6.3566777719925565
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                                              MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                                              SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                                              SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                                              SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):698784
                                                                                                                                                                                                              Entropy (8bit):5.533720236597082
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:waXWJ978LddzAPcWTWxYx2OCf2QmAr39Zu+DIpEpXKWRq0qwMUxQU2lvz:dddzAjKnD/QGXKzpwMUCU2lvz
                                                                                                                                                                                                              MD5:DE72697933D7673279FB85FD48D1A4DD
                                                                                                                                                                                                              SHA1:085FD4C6FB6D89FFCC9B2741947B74F0766FC383
                                                                                                                                                                                                              SHA-256:ED1C8769F5096AFD000FC730A37B11177FCF90890345071AB7FBCEAC684D571F
                                                                                                                                                                                                              SHA-512:0FD4678C65DA181D7C27B19056D5AB0E5DD0E9714E9606E524CDAD9E46EC4D0B35FE22D594282309F718B30E065F6896674D3EDCE6B3B0C8EB637A3680715C2C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6065952
                                                                                                                                                                                                              Entropy (8bit):6.6463891622960976
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:49152:Z+Uw5pDgPAnxE5I0UEjmCfK+KvqvH+K26AnLzYJMKDBONlPElQPcukuSwIbFLOAB:wc1AnqGnEuoFLOAkGkzdnEVomFHKnPg
                                                                                                                                                                                                              MD5:639DB7FE67E2E15D069A62C0EF4A971C
                                                                                                                                                                                                              SHA1:BDBF2517678F9066C4553E6FDACE0A366929185C
                                                                                                                                                                                                              SHA-256:760308CF8BEDAEBC4500049622D08DDCACA0024ACBD3B6BDCA1618EC48A91597
                                                                                                                                                                                                              SHA-512:83CD3E89DDAC3915686BCEEC25654F0A35FE66A1C27D95BCFD3B44BDC01DED0DF9BEB525E0604522F61D58183546AF63FFDD60F90E5BFFD648774169832D2335
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):198568
                                                                                                                                                                                                              Entropy (8bit):6.360283939217406
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:rkPTemtXBsiLC/QOSL6XZIMuPbBV3Dy9zeL9ef93d1BVdOd8dVyio0OwUpz1RPoi:AKmVG/pxIMuPbBFEFDBwpp2W
                                                                                                                                                                                                              MD5:6BC89EBC4014A8DB39E468F54AAAFA5E
                                                                                                                                                                                                              SHA1:68D04E760365F18B20F50A78C60CCFDE52F7FCD8
                                                                                                                                                                                                              SHA-256:DBE6E7BE3A7418811BD5987B0766D8D660190D867CD42F8ED79E70D868E8AA43
                                                                                                                                                                                                              SHA-512:B7A6A383EB131DEB83EEE7CC134307F8545FB7D043130777A8A9A37311B64342E5A774898EDD73D80230AB871C4D0AA0B776187FA4EDEC0CCDE5B9486DBAA626
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4493736
                                                                                                                                                                                                              Entropy (8bit):6.465157771728023
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:49152:5vL1txd/8sCmiAiPw+RxtLzli0Im3wOc+28Ivu31WfbF9PtF+FNDHaSclAaBlh7y:Dw7Ad07RmodacSeSHCMTbSp4PS
                                                                                                                                                                                                              MD5:C80B5CB43E5FE7948C3562C1FFF1254E
                                                                                                                                                                                                              SHA1:F73CB1FB9445C96ECD56B984A1822E502E71AB9D
                                                                                                                                                                                                              SHA-256:058925E4BBFCB460A3C00EC824B8390583BAEF0C780A7C7FF01D43D9EEC45F20
                                                                                                                                                                                                              SHA-512:FAA97A9D5D2A0BF78123F19F8657C24921B907268938C26F79E1DF6D667F7BEE564259A3A11022E8629996406CDA9FA00434BB2B1DE3E10B9BDDC59708DBAD81
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):556544
                                                                                                                                                                                                              Entropy (8bit):6.015390811366772
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:ANPciA4K8pFTtd5giF7kvRQi+mpdfxpxlL1:+PbBK8pFTtd5giFmvb
                                                                                                                                                                                                              MD5:B7ACFAD9F0F36E7CF8BFB0DD58360FFE
                                                                                                                                                                                                              SHA1:8FA816D403F126F3326CB6C73B83032BB0590107
                                                                                                                                                                                                              SHA-256:461328C988D4C53F84579FC0880C4A9382E14B0C8B830403100A2FA3DF0FD9A9
                                                                                                                                                                                                              SHA-512:4FED8A9162A9A2EBC113EA44D461FB498F9F586730218D9C1CDDCD7C8C803CAD6DEA0F563B8D7533321ECB25F6153CA7C5777C314E7CB76D159E39E74C72D1B8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):142336
                                                                                                                                                                                                              Entropy (8bit):5.9648110046839244
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:iuNj4Vsl6Cj2CYrrC04pFiYDQcaSWvTidrSsu5:iuxqs9j2CYrrC0Ki5caS2TidrSD
                                                                                                                                                                                                              MD5:F200CA466BF3B8B56A272460E0EE4ABC
                                                                                                                                                                                                              SHA1:CA18E04F143424B06E0DF8D00D995C2873AA268D
                                                                                                                                                                                                              SHA-256:A6700CA2BEE84C1A051BA4B22C0CDE5A6A5D3E35D4764656CFDC64639C2F6B77
                                                                                                                                                                                                              SHA-512:29BF2425B665AF9D2F9FD7795BF2AB012AA96FAED9A1A023C86AFA0D2036CC6014B48116940FAD93B7DE1E8F4F93EB709CC9319439D7609B79FD8B92669B377D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):29096
                                                                                                                                                                                                              Entropy (8bit):6.4767692602677815
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:rPxHeWt+twhCBsHqF2BMXR6VIS7GuIYiSy1pCQkyw24i/8E9VFL2Ut8JU:ZeS+twhC6HqwmYVIS7GjYiSyv7VeEdH
                                                                                                                                                                                                              MD5:ADC412384B7E1254D11E62E451DEF8E9
                                                                                                                                                                                                              SHA1:04E6DFF4A65234406B9BC9D9F2DCFE8E30481829
                                                                                                                                                                                                              SHA-256:68B80009AB656FFE811D680585FAC3D4F9C1B45F29D48C67EA2B3580EC4D86A1
                                                                                                                                                                                                              SHA-512:F250F1236882668B2686BD42E1C334C60DA7ABEC3A208EBEBDEE84A74D7C4C6B1BC79EED7241BC7012E4EF70A6651A32AA00E32A83F402475B479633581E0B07
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1445800
                                                                                                                                                                                                              Entropy (8bit):6.579172773828651
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24576:tU3g/eNVQHzcayG7b99ZSYR4eXj98nXMuVp+qbLKeq98srCIS:ck3hbEAp8X9Vp+2q2gI
                                                                                                                                                                                                              MD5:926DC90BD9FAF4EFE1700564AA2A1700
                                                                                                                                                                                                              SHA1:763E5AF4BE07444395C2AB11550C70EE59284E6D
                                                                                                                                                                                                              SHA-256:50825EA8B431D86EC228D9FA6B643E2C70044C709F5D9471D779BE63FF18BCD0
                                                                                                                                                                                                              SHA-512:A8703FF97243AA3BC877F71C0514B47677B48834A0F2FEE54E203C0889A79CE37C648243DBFE2EE9E1573B3CA4D49C334E9BFE62541653125861A5398E2FE556
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1121192
                                                                                                                                                                                                              Entropy (8bit):5.384501252071814
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:bMYYMmuZ63NoQCb5Pfhnzr0ql8L8koM7IRG5eeme6VZyrIBHdQLhfFE+uz9O:AYYuXZV0m8wMMREtV6Vo4uYz9O
                                                                                                                                                                                                              MD5:102BBBB1F33CE7C007AAC08FE0A1A97E
                                                                                                                                                                                                              SHA1:9A8601BEA3E7D4C2FA6394611611CDA4FC76E219
                                                                                                                                                                                                              SHA-256:2CF6C5DEA30BB0584991B2065C052C22D258B6E15384447DCEA193FDCAC5F758
                                                                                                                                                                                                              SHA-512:A07731F314E73F7A9EA73576A89CCB8A0E55E53F9B5B82F53121B97B1814D905B17A2DA9BD2EDA9F9354FC3F15E3DEA7A613D7C9BC98C36BBA653743B24DFC32
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:pip.
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1107
                                                                                                                                                                                                              Entropy (8bit):5.115074330424529
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                                              MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                                              SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                                              SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                                              SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):2153
                                                                                                                                                                                                              Entropy (8bit):5.088249746074878
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                                              MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                                              SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                                              SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                                              SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4557
                                                                                                                                                                                                              Entropy (8bit):5.714200636114494
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                                              MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                                              SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                                              SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                                              SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):81
                                                                                                                                                                                                              Entropy (8bit):4.672346887071811
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                                              MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                                              SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                                              SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                                              SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):104
                                                                                                                                                                                                              Entropy (8bit):4.271713330022269
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                                              MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                                              SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                                              SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                                              SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):134656
                                                                                                                                                                                                              Entropy (8bit):5.84231912519238
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:UTqjiGbjKyRYDoe/hnLbAZ4l39KxN36w/Ii/MVjmzuQrEZ5nOmdZsQ/:DKyRCoe/joxNqw/v/MVjOu7VOI
                                                                                                                                                                                                              MD5:EC7C48EA92D9FF0C32C6D87EE8358BD0
                                                                                                                                                                                                              SHA1:A67A417FDB36C84871D0E61BFB1015CB30C9898A
                                                                                                                                                                                                              SHA-256:A0F3CC0E98BEA5A598E0D4367272E4C65BF446F21932DC2A051546B098D6CE62
                                                                                                                                                                                                              SHA-512:C06E3C0260B918509947A89518D55F0CB03CB19FC28D9E7ED9E3F837D71DF31154F0093929446A93A7C7DA1293FFD0CC69547E2540F15E3055FE1D12D837F935
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):22528
                                                                                                                                                                                                              Entropy (8bit):5.158789189249445
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:6urA4fVFfFRGFV8fuL0G0T84Q9NNNIRV0KlnOjUgx908x8J:F7XsF9NNNIR2Eny908x8
                                                                                                                                                                                                              MD5:E726734D5D2E42CF0861D24BCF741B09
                                                                                                                                                                                                              SHA1:6AF8A994AD84259F7CF2A8F452B55AE44264BCC6
                                                                                                                                                                                                              SHA-256:3592ABD55C972C9DFE2BAC104FBE3E1B4D1E392A3D29D7C5DB3745A624FA6FF4
                                                                                                                                                                                                              SHA-512:2B60EDD06124C8F053D4573328697A9AF4D6EB077DCDBF833BA3E6DB574A7C32ABF1C72530C43CCBDE313A59066393DADAF2AAE8A7CC3FDB156ADD894D898542
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1427456
                                                                                                                                                                                                              Entropy (8bit):5.324047632064682
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:gAEcgh+WcQNWxzi7HE699jXRZbkGX/VqtpkZAJRb8tUTfU2Bz:DEcvVGWQhHFNWBJ9H
                                                                                                                                                                                                              MD5:9BF4110256A7B953AFA9D43A3E0944BB
                                                                                                                                                                                                              SHA1:0D605B4D5FED9F7861C440B62BB02181E39EFA2B
                                                                                                                                                                                                              SHA-256:484C51248076FB77A6FC5FB512A37BB404025568CDC8702D252DF2191DC720A4
                                                                                                                                                                                                              SHA-512:07740EB7AE3B6D1091064AA2E550515D9AEC0C021B316E4BB9EFD21984322C7765F84A9110C1FCB59164B529FFB04C2B6D6611AB55C764D5D360B27F094A120C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):176
                                                                                                                                                                                                              Entropy (8bit):4.713840781302666
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                                              MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                                              SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                                              SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                                              SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10
                                                                                                                                                                                                              Entropy (8bit):2.7219280948873625
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:qW6:qW6
                                                                                                                                                                                                              MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                                              SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                                              SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                                              SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:..K....}..
                                                                                                                                                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                              Entropy (8bit):6.682258881440101
                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                              File name:Ei5hvT55El.exe
                                                                                                                                                                                                              File size:19'934'081 bytes
                                                                                                                                                                                                              MD5:d162e84ba7fba61543ef898b324ec251
                                                                                                                                                                                                              SHA1:4e1addeae5f762beb2897d82bee6619631cb45c2
                                                                                                                                                                                                              SHA256:b6699f37fbf92723e57430df189036bc6a8b438776e815a9c4805ed5cae1c417
                                                                                                                                                                                                              SHA512:21f27375057dd287a09ed635b6427ece6267cca39ad8657fd8e9212bd7293997f042ae7392b2fe38c02aaf181f6ea1ec157906b4cceb4219ef5f3069926c838c
                                                                                                                                                                                                              SSDEEP:393216:bSatY8L2Vmd6melh2pOc/e+7G99YP0BmRFN+Mebm:bSai8yVmdKQpOun0Apim
                                                                                                                                                                                                              TLSH:5C17334052A006C9F3EA483388779527AB75F85A5F9BD78FC75C86200FB31EA5D71BA0
                                                                                                                                                                                                              Icon Hash:00928e8e8686b000
                                                                                                                                                                                                              Entrypoint:0x14000a8c8
                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                              Time Stamp:0x6750E25E [Wed Dec 4 23:14:38 2024 UTC]
                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                              OS Version Minor:2
                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                              File Version Minor:2
                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                              Subsystem Version Minor:2
                                                                                                                                                                                                              Import Hash:c5640c7a22008f949f9bc94a27623f95
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x35b18 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4b000 | 0x5fc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x48000 | 0x1de8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4c000 | 0x748 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x33920 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x33940 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x25000 | 0x3e8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x235d0 | 0x23600 | 050ad070d74c0ab2baca6ee9c3b61b5d | False | 0.5690426236749117 | data | 6.471510843579973 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x25000 | 0x11898 | 0x11a00 | 41b70ae4502758e24e137cafe311eeb7 | False | 0.4956504875886525 | PGP symmetric key encrypted data - Plaintext or unencrypted data | 5.711786264889031 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x37000 | 0x10398 | 0xc00 | b88590ca230f956ba7b5bffcbee69475 | False | 0.138671875 | data | 1.8589891596226968 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x48000 | 0x1de8 | 0x1e00 | 626ab1518bc3687e03dacd39bbfde649 | False | 0.4921875 | data | 5.392285019157171 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x4a000 | 0xf4 | 0x200 | 3fa4bb815d2865eb13ca6b140ccf210f | False | 0.302734375 | data | 1.9616758456060694 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x4b000 | 0x5fc | 0x600 | e9f38e874665b2f0eec96d08193b0b48 | False | 0.4609375 | data | 5.4060894423190256 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x4c000 | 0x748 | 0x800 | ab10229e6319ea5b4dde9f2a80ec60f0 | False | 0.55322265625 | data | 5.222259043944798 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x4b058 | 0x5a2 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.45145631067961167
DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, FlushFileBuffers, GetCurrentDirectoryW, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetEnvironmentStringsW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, GetCommandLineW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, RaiseException, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindClose, FindFirstFileExW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-19T08:42:08.200831+0100 | 2058114 | ET MALWARE Iris Stealer CnC Domain in DNS Lookup (irisstealer .xyz) | 1 | 192.168.2.8 | 49334 | 1.1.1.1 | 53 | UDP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 19, 2024 08:42:08.200830936 CET | 49334 | 53 | 192.168.2.8 | 1.1.1.1
Dec 19, 2024 08:42:08.502396107 CET | 53 | 49334 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 19, 2024 08:42:08.200830936 CET | 192.168.2.8 | 1.1.1.1 | 0x3304 | Standard query (0) | script.irisstealer.xyz | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 19, 2024 08:42:08.502396107 CET | 1.1.1.1 | 192.168.2.8 | 0x3304 | Name error (3) | script.irisstealer.xyz | none | none | A (IP address) | IN (0x0001) | false


                                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                                              Start time:02:42:00
                                                                                                                                                                                                              Start date:19/12/2024
                                                                                                                                                                                                              Path:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\Ei5hvT55El.exe"
                                                                                                                                                                                                              Imagebase:0x7ff6fa940000
                                                                                                                                                                                                              File size:19'934'081 bytes
                                                                                                                                                                                                              MD5 hash:D162E84BA7FBA61543EF898B324EC251
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                              Start time:02:42:03
                                                                                                                                                                                                              Start date:19/12/2024
                                                                                                                                                                                                              Path:C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\Ei5hvT55El.exe"
                                                                                                                                                                                                              Imagebase:0x7ff6fa940000
                                                                                                                                                                                                              File size:19'934'081 bytes
                                                                                                                                                                                                              MD5 hash:D162E84BA7FBA61543EF898B324EC251
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                              Start time:02:42:04
                                                                                                                                                                                                              Start date:19/12/2024
                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                              Imagebase:0x7ff77c4d0000
                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              Target ID:6
                                                                                                                                                                                                              Start time:02:42:04
                                                                                                                                                                                                              Start date:19/12/2024
                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                              Imagebase:0x7ff6ee680000
                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:12.5%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                Signature Coverage:13.7%
                                                                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                                                                Total number of Limit Nodes:80
7ff6fa94fe32 GetLastError 15029 7ff6fa94fc00 15016->15029 15017->15018 15018->15015 15020 7ff6fa94fe6b 15020->15014 15023 7ff6fa95a0b0 _fread_nolock MultiByteToWideChar 15020->15023 15021->15016 15021->15020 15022 7ff6fa94fe5f 15021->15022 15025 7ff6fa9559cc __free_lconv_mon 13 API calls 15021->15025 15026 7ff6fa957d90 _fread_nolock 14 API calls 15022->15026 15027 7ff6fa94feb3 15023->15027 15024 7ff6fa94fe3f 15028 7ff6fa94fc70 _get_daylight 13 API calls 15024->15028 15025->15022 15026->15020 15027->15014 15027->15016 15028->15014 15030 7ff6fa958660 _get_daylight 13 API calls 15029->15030 15031 7ff6fa94fc11 15030->15031 15032 7ff6fa958660 _get_daylight 13 API calls 15031->15032 15033 7ff6fa94fc2a _fread_nolock 15032->15033 15033->15024 15035 7ff6fa953bb1 15034->15035 15042 7ff6fa953bad 15034->15042 15052 7ff6fa95d130 GetEnvironmentStringsW 15035->15052 15038 7ff6fa953bbe 15041 7ff6fa9559cc __free_lconv_mon 13 API calls 15038->15041 15041->15042 15042->14578 15044 7ff6fa953f34 15042->15044 15043 7ff6fa9559cc __free_lconv_mon 13 API calls 15043->15038 15045 7ff6fa953f4f 15044->15045 15051 7ff6fa953f62 15044->15051 15045->14578 15046 7ff6fa95a0b0 MultiByteToWideChar _fread_nolock 15046->15051 15047 7ff6fa959550 _get_daylight 13 API calls 15047->15051 15048 7ff6fa953fd8 15049 7ff6fa9559cc __free_lconv_mon 13 API calls 15048->15049 15049->15045 15050 7ff6fa9559cc __free_lconv_mon 13 API calls 15050->15051 15051->15045 15051->15046 15051->15047 15051->15048 15051->15050 15053 7ff6fa953bb6 15052->15053 15055 7ff6fa95d154 15052->15055 15053->15038 15059 7ff6fa953d08 15053->15059 15054 7ff6fa957d90 _fread_nolock 14 API calls 15056 7ff6fa95d18e memcpy_s 15054->15056 15055->15054 15057 7ff6fa9559cc __free_lconv_mon 13 API calls 15056->15057 15058 7ff6fa95d1ae FreeEnvironmentStringsW 15057->15058 15058->15053 15060 7ff6fa953d30 15059->15060 15061 7ff6fa959550 _get_daylight 13 API calls 15060->15061 15068 7ff6fa953d6b 15061->15068 15062 7ff6fa9559cc __free_lconv_mon 13 API calls 
15063 7ff6fa953bcb 15062->15063 15063->15043 15064 7ff6fa959550 _get_daylight 13 API calls 15064->15068 15065 7ff6fa953dd1 15066 7ff6fa953e1c 13 API calls 15065->15066 15069 7ff6fa953dd9 15066->15069 15067 7ff6fa95b0d4 _wfindfirst32i64 30 API calls 15067->15068 15068->15064 15068->15065 15068->15067 15070 7ff6fa953e08 15068->15070 15072 7ff6fa9559cc __free_lconv_mon 13 API calls 15068->15072 15073 7ff6fa953de0 15068->15073 15071 7ff6fa9559cc __free_lconv_mon 13 API calls 15069->15071 15074 7ff6fa955984 _wfindfirst32i64 17 API calls 15070->15074 15071->15073 15072->15068 15073->15062 15075 7ff6fa953e1a 15074->15075 15078 7ff6fa963019 __crtLCMapStringW 15076->15078 15077 7ff6fa961672 15077->14601 15077->14602 15078->15077 15079 7ff6fa95982c 6 API calls 15078->15079 15079->15077 17398 7ff6fa9490c0 17399 7ff6fa9490d5 17398->17399 17400 7ff6fa9490ee 17398->17400 17399->17400 17402 7ff6fa957d90 14 API calls 17399->17402 17401 7ff6fa949148 17402->17401 17469 7ff6fa9643cb 17470 7ff6fa9643da 17469->17470 17471 7ff6fa9643e4 17469->17471 17473 7ff6fa95af98 LeaveCriticalSection 17470->17473 14083 7ff6fa9569cc 14084 7ff6fa956a0d 14083->14084 14085 7ff6fa9569f5 14083->14085 14087 7ff6fa956a87 14084->14087 14092 7ff6fa956a3e 14084->14092 14108 7ff6fa94fc50 14085->14108 14089 7ff6fa94fc50 _fread_nolock 13 API calls 14087->14089 14091 7ff6fa956a8c 14089->14091 14093 7ff6fa94fc70 _get_daylight 13 API calls 14091->14093 14107 7ff6fa952284 EnterCriticalSection 14092->14107 14095 7ff6fa956a94 14093->14095 14114 7ff6fa955964 14095->14114 14106 7ff6fa956a02 14117 7ff6fa958660 GetLastError 14108->14117 14110 7ff6fa94fc59 14111 7ff6fa94fc70 14110->14111 14112 7ff6fa958660 _get_daylight 13 API calls 14111->14112 14113 7ff6fa94fc79 14112->14113 14113->14106 14199 7ff6fa9558b4 14114->14199 14118 7ff6fa958682 14117->14118 14119 7ff6fa958687 14117->14119 14140 7ff6fa959998 14118->14140 14123 7ff6fa95868f SetLastError 14119->14123 14144 7ff6fa9599e0 14119->14144 14123->14110 14127 7ff6fa9586db 
14130 7ff6fa9599e0 _get_daylight 6 API calls 14127->14130 14128 7ff6fa9586cb 14129 7ff6fa9599e0 _get_daylight 6 API calls 14128->14129 14131 7ff6fa9586d2 14129->14131 14132 7ff6fa9586e3 14130->14132 14156 7ff6fa9559cc 14131->14156 14133 7ff6fa9586e7 14132->14133 14134 7ff6fa9586f9 14132->14134 14136 7ff6fa9599e0 _get_daylight 6 API calls 14133->14136 14161 7ff6fa958294 14134->14161 14136->14131 14166 7ff6fa9595c8 14140->14166 14145 7ff6fa9595c8 try_get_function 5 API calls 14144->14145 14146 7ff6fa959a0e 14145->14146 14147 7ff6fa9586aa 14146->14147 14148 7ff6fa959a20 TlsSetValue 14146->14148 14147->14123 14149 7ff6fa959550 14147->14149 14148->14147 14155 7ff6fa959561 _get_daylight 14149->14155 14150 7ff6fa9595b2 14152 7ff6fa94fc70 _get_daylight 12 API calls 14150->14152 14151 7ff6fa959596 HeapAlloc 14153 7ff6fa9586bd 14151->14153 14151->14155 14152->14153 14153->14127 14153->14128 14155->14150 14155->14151 14176 7ff6fa95dc34 14155->14176 14157 7ff6fa955a03 14156->14157 14158 7ff6fa9559d1 RtlFreeHeap 14156->14158 14157->14123 14158->14157 14159 7ff6fa9559ec 14158->14159 14160 7ff6fa94fc70 _get_daylight 12 API calls 14159->14160 14160->14157 14185 7ff6fa95816c 14161->14185 14167 7ff6fa959629 TlsGetValue 14166->14167 14174 7ff6fa959624 try_get_function 14166->14174 14168 7ff6fa959658 LoadLibraryExW 14170 7ff6fa959679 GetLastError 14168->14170 14168->14174 14169 7ff6fa95970c 14169->14167 14171 7ff6fa95971a GetProcAddress 14169->14171 14170->14174 14172 7ff6fa95972b 14171->14172 14172->14167 14173 7ff6fa9596f1 FreeLibrary 14173->14174 14174->14167 14174->14168 14174->14169 14174->14173 14175 7ff6fa9596b3 LoadLibraryExW 14174->14175 14175->14174 14179 7ff6fa95dc64 14176->14179 14184 7ff6fa95af44 EnterCriticalSection 14179->14184 14197 7ff6fa95af44 EnterCriticalSection 14185->14197 14200 7ff6fa958660 _get_daylight 13 API calls 14199->14200 14201 7ff6fa9558d9 14200->14201 14202 7ff6fa9558ea 14201->14202 14207 7ff6fa955984 IsProcessorFeaturePresent 14201->14207 14202->14106 
14208 7ff6fa955997 14207->14208 14211 7ff6fa955750 14208->14211 14212 7ff6fa95578a _wfindfirst32i64 memcpy_s 14211->14212 14213 7ff6fa9557b2 RtlCaptureContext RtlLookupFunctionEntry 14212->14213 14214 7ff6fa9557ec RtlVirtualUnwind 14213->14214 14215 7ff6fa955822 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14213->14215 14214->14215 14217 7ff6fa955874 _wfindfirst32i64 14215->14217 14219 7ff6fa94a5f0 14217->14219 14220 7ff6fa94a5f9 14219->14220 14221 7ff6fa94a604 GetCurrentProcess TerminateProcess 14220->14221 14222 7ff6fa94a910 IsProcessorFeaturePresent 14220->14222 14223 7ff6fa94a928 14222->14223 14228 7ff6fa94ab04 RtlCaptureContext 14223->14228 14229 7ff6fa94ab1e RtlLookupFunctionEntry 14228->14229 14230 7ff6fa94a93b 14229->14230 14231 7ff6fa94ab34 RtlVirtualUnwind 14229->14231 14232 7ff6fa94a8dc SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 14230->14232 14231->14229 14231->14230 15118 7ff6fa953048 15119 7ff6fa95307e 15118->15119 15120 7ff6fa95305f 15118->15120 15130 7ff6fa94fba0 EnterCriticalSection 15119->15130 15122 7ff6fa94fc70 _get_daylight 13 API calls 15120->15122 15123 7ff6fa953064 15122->15123 15125 7ff6fa955964 _invalid_parameter_noinfo 30 API calls 15123->15125 15127 7ff6fa95306f 15125->15127 15145 7ff6fa94a754 15168 7ff6fa94abb4 15145->15168 15148 7ff6fa94a8a0 15278 7ff6fa94aee0 IsProcessorFeaturePresent 15148->15278 15149 7ff6fa94a770 __scrt_acquire_startup_lock 15151 7ff6fa94a8aa 15149->15151 15153 7ff6fa94a78e 15149->15153 15152 7ff6fa94aee0 7 API calls 15151->15152 15155 7ff6fa94a8b5 15152->15155 15154 7ff6fa94a7b3 15153->15154 15160 7ff6fa94a7d0 __scrt_release_startup_lock 15153->15160 15263 7ff6fa95412c 15153->15263 15157 7ff6fa94a839 15174 7ff6fa94b02c 15157->15174 15159 7ff6fa94a83e 15177 7ff6fa941000 15159->15177 15160->15157 15267 7ff6fa954470 15160->15267 15165 7ff6fa94a861 15165->15155 15274 7ff6fa94ad48 15165->15274 15285 7ff6fa94b1a8 15168->15285 15171 7ff6fa94abe3 
__scrt_initialize_crt 15173 7ff6fa94a768 15171->15173 15287 7ff6fa94c10c 15171->15287 15173->15148 15173->15149 15314 7ff6fa94ba40 15174->15314 15176 7ff6fa94b043 GetStartupInfoW 15176->15159 15178 7ff6fa94100b 15177->15178 15316 7ff6fa9470f0 15178->15316 15180 7ff6fa94101d 15327 7ff6fa9506c8 15180->15327 15186 7ff6fa94a5f0 _wfindfirst32i64 8 API calls 15187 7ff6fa943650 15186->15187 15272 7ff6fa94b070 GetModuleHandleW 15187->15272 15188 7ff6fa94353b 15254 7ff6fa94363c 15188->15254 15352 7ff6fa9464e0 15188->15352 15190 7ff6fa943589 15192 7ff6fa9464e0 42 API calls 15190->15192 15206 7ff6fa9435d5 15190->15206 15195 7ff6fa9435aa 15192->15195 15195->15206 15487 7ff6fa94f95c 15195->15487 15198 7ff6fa9436df 15200 7ff6fa94370a 15198->15200 15532 7ff6fa943040 15198->15532 15210 7ff6fa94374d 15200->15210 15378 7ff6fa947490 15200->15378 15201 7ff6fa9419c0 103 API calls 15205 7ff6fa943620 15201->15205 15202 7ff6fa946a80 31 API calls 15202->15206 15208 7ff6fa943624 15205->15208 15209 7ff6fa943662 15205->15209 15367 7ff6fa946a80 15206->15367 15207 7ff6fa94372a 15211 7ff6fa943740 SetDllDirectoryW 15207->15211 15212 7ff6fa94372f 15207->15212 15493 7ff6fa942760 15208->15493 15209->15198 15504 7ff6fa943b50 15209->15504 15392 7ff6fa9459d0 15210->15392 15211->15210 15215 7ff6fa942760 18 API calls 15212->15215 15215->15254 15219 7ff6fa9437a8 15223 7ff6fa945950 14 API calls 15219->15223 15220 7ff6fa943684 15227 7ff6fa942760 18 API calls 15220->15227 15224 7ff6fa9437b2 15223->15224 15228 7ff6fa943866 15224->15228 15239 7ff6fa9437bb 15224->15239 15227->15254 15396 7ff6fa942ed0 15228->15396 15229 7ff6fa9436b7 15520 7ff6fa94c8c4 15229->15520 15235 7ff6fa94377f 15560 7ff6fa9451f0 15235->15560 15236 7ff6fa94379e 15240 7ff6fa9454d0 FreeLibrary 15236->15240 15239->15254 15634 7ff6fa942e70 15239->15634 15240->15219 15241 7ff6fa943789 15241->15236 15243 7ff6fa94378d 15241->15243 15628 7ff6fa945860 15243->15628 15244 7ff6fa9464e0 42 API calls 15250 7ff6fa9438a7 15244->15250 15247 7ff6fa943841 
15249 7ff6fa9454d0 FreeLibrary 15247->15249 15251 7ff6fa943855 15249->15251 15250->15254 15417 7ff6fa946ac0 15250->15417 15252 7ff6fa945950 14 API calls 15251->15252 15252->15254 15254->15186 15264 7ff6fa95417b 15263->15264 15265 7ff6fa954161 15263->15265 15264->15160 15265->15264 17370 7ff6fa94fb44 15265->17370 15268 7ff6fa9544a6 15267->15268 15269 7ff6fa954494 15267->15269 17393 7ff6fa954b80 15268->17393 15269->15157 15273 7ff6fa94b081 15272->15273 15273->15165 15275 7ff6fa94ad59 15274->15275 15276 7ff6fa94a878 15275->15276 15277 7ff6fa94c10c __scrt_initialize_crt 7 API calls 15275->15277 15276->15154 15277->15276 15279 7ff6fa94af06 _wfindfirst32i64 memcpy_s 15278->15279 15280 7ff6fa94af25 RtlCaptureContext RtlLookupFunctionEntry 15279->15280 15281 7ff6fa94af8a memcpy_s 15280->15281 15282 7ff6fa94af4e RtlVirtualUnwind 15280->15282 15283 7ff6fa94afbc IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15281->15283 15282->15281 15284 7ff6fa94b00e _wfindfirst32i64 15283->15284 15284->15151 15286 7ff6fa94abd6 __scrt_dllmain_crt_thread_attach 15285->15286 15286->15171 15286->15173 15288 7ff6fa94c114 15287->15288 15289 7ff6fa94c11e 15287->15289 15293 7ff6fa94c390 15288->15293 15289->15173 15294 7ff6fa94c119 15293->15294 15295 7ff6fa94c39f 15293->15295 15297 7ff6fa94c3e8 15294->15297 15301 7ff6fa94c5b8 15295->15301 15298 7ff6fa94c413 15297->15298 15299 7ff6fa94c3f6 DeleteCriticalSection 15298->15299 15300 7ff6fa94c417 15298->15300 15299->15298 15300->15289 15305 7ff6fa94c420 15301->15305 15306 7ff6fa94c464 try_get_function 15305->15306 15312 7ff6fa94c53a TlsFree 15305->15312 15307 7ff6fa94c492 LoadLibraryExW 15306->15307 15308 7ff6fa94c529 GetProcAddress 15306->15308 15306->15312 15313 7ff6fa94c4d5 LoadLibraryExW 15306->15313 15309 7ff6fa94c509 15307->15309 15310 7ff6fa94c4b3 GetLastError 15307->15310 15308->15312 15309->15308 15311 7ff6fa94c520 FreeLibrary 15309->15311 15310->15306 15311->15308 15313->15306 15313->15309 15315 7ff6fa94ba20 
15314->15315 15315->15176 15315->15315 15318 7ff6fa94710f 15316->15318 15317 7ff6fa947117 15317->15180 15318->15317 15319 7ff6fa947160 WideCharToMultiByte 15318->15319 15320 7ff6fa947207 15318->15320 15321 7ff6fa9471b6 WideCharToMultiByte 15318->15321 15319->15318 15319->15320 15675 7ff6fa942610 15320->15675 15321->15318 15321->15320 15323 7ff6fa947233 15324 7ff6fa947251 15323->15324 15326 7ff6fa94f95c __vcrt_freefls 14 API calls 15323->15326 15325 7ff6fa94f95c __vcrt_freefls 14 API calls 15324->15325 15325->15317 15326->15323 15331 7ff6fa95a4c4 15327->15331 15328 7ff6fa95a547 15329 7ff6fa94fc70 _get_daylight 13 API calls 15328->15329 15330 7ff6fa95a54c 15329->15330 15333 7ff6fa955964 _invalid_parameter_noinfo 30 API calls 15330->15333 15331->15328 15332 7ff6fa95a508 15331->15332 15704 7ff6fa95a3a0 15332->15704 15335 7ff6fa94351b 15333->15335 15336 7ff6fa941ae0 15335->15336 15337 7ff6fa941af5 15336->15337 15338 7ff6fa941b10 15337->15338 15712 7ff6fa9424c0 15337->15712 15338->15254 15340 7ff6fa943a40 15338->15340 15341 7ff6fa94a620 15340->15341 15342 7ff6fa943a4c GetModuleFileNameW 15341->15342 15343 7ff6fa943a7b 15342->15343 15344 7ff6fa943a92 15342->15344 15345 7ff6fa942610 16 API calls 15343->15345 15748 7ff6fa9475a0 15344->15748 15347 7ff6fa943a8e 15345->15347 15350 7ff6fa94a5f0 _wfindfirst32i64 8 API calls 15347->15350 15349 7ff6fa942760 18 API calls 15349->15347 15351 7ff6fa943acf 15350->15351 15351->15188 15353 7ff6fa9464ea 15352->15353 15354 7ff6fa947490 16 API calls 15353->15354 15355 7ff6fa94650c GetEnvironmentVariableW 15354->15355 15356 7ff6fa946576 15355->15356 15357 7ff6fa946524 ExpandEnvironmentStringsW 15355->15357 15359 7ff6fa94a5f0 _wfindfirst32i64 8 API calls 15356->15359 15358 7ff6fa9475a0 18 API calls 15357->15358 15361 7ff6fa94654c 15358->15361 15360 7ff6fa946588 15359->15360 15360->15190 15361->15356 15362 7ff6fa946556 15361->15362 15759 7ff6fa954ba8 15362->15759 15365 7ff6fa94a5f0 _wfindfirst32i64 8 API calls 15366 7ff6fa94656e 15365->15366 
15366->15190 15368 7ff6fa947490 16 API calls 15367->15368 15369 7ff6fa946a97 SetEnvironmentVariableW 15368->15369 15370 7ff6fa94f95c __vcrt_freefls 14 API calls 15369->15370 15371 7ff6fa9435ea 15370->15371 15372 7ff6fa9419c0 15371->15372 15373 7ff6fa9419f0 15372->15373 15376 7ff6fa941a6a 15373->15376 15766 7ff6fa9417a0 15373->15766 15376->15198 15376->15201 15377 7ff6fa94c8c4 64 API calls 15377->15376 15379 7ff6fa947537 MultiByteToWideChar 15378->15379 15380 7ff6fa9474b1 MultiByteToWideChar 15378->15380 15381 7ff6fa94755a 15379->15381 15382 7ff6fa94757f 15379->15382 15383 7ff6fa9474d7 15380->15383 15384 7ff6fa9474fc 15380->15384 15385 7ff6fa942610 14 API calls 15381->15385 15382->15207 15386 7ff6fa942610 14 API calls 15383->15386 15384->15379 15389 7ff6fa947512 15384->15389 15387 7ff6fa94756d 15385->15387 15388 7ff6fa9474ea 15386->15388 15387->15207 15388->15207 15390 7ff6fa942610 14 API calls 15389->15390 15391 7ff6fa947525 15390->15391 15391->15207 15393 7ff6fa9459e5 15392->15393 15394 7ff6fa943752 15393->15394 15395 7ff6fa9424c0 40 API calls 15393->15395 15394->15219 15536 7ff6fa9456b0 15394->15536 15395->15394 15403 7ff6fa942f43 15396->15403 15405 7ff6fa942f84 15396->15405 15397 7ff6fa942fc3 15398 7ff6fa94a5f0 _wfindfirst32i64 8 API calls 15397->15398 15400 7ff6fa942fd5 15398->15400 15399 7ff6fa941aa0 65 API calls 15399->15405 15400->15254 15406 7ff6fa946a10 15400->15406 15403->15405 15819 7ff6fa941440 15403->15819 15853 7ff6fa942980 15403->15853 15897 7ff6fa941770 15403->15897 15405->15397 15405->15399 15407 7ff6fa947490 16 API calls 15406->15407 15408 7ff6fa946a2f 15407->15408 15409 7ff6fa947490 16 API calls 15408->15409 15410 7ff6fa946a3f 15409->15410 15411 7ff6fa951d4c 31 API calls 15410->15411 15412 7ff6fa946a4d 15411->15412 15413 7ff6fa94f95c __vcrt_freefls 14 API calls 15412->15413 15414 7ff6fa946a57 15413->15414 15415 7ff6fa94f95c __vcrt_freefls 14 API calls 15414->15415 15416 7ff6fa94389b 15415->15416 15416->15244 15418 7ff6fa946ad0 15417->15418 15419 
7ff6fa947490 16 API calls 15418->15419 15420 7ff6fa946b01 15419->15420 16533 7ff6fa9529dc 15420->16533 15423 7ff6fa9529dc 16 API calls 15424 7ff6fa946b1a 15423->15424 15425 7ff6fa9529dc 16 API calls 15424->15425 15426 7ff6fa946b24 15425->15426 15427 7ff6fa9529dc 16 API calls 15426->15427 15428 7ff6fa946b2e GetStartupInfoW 15427->15428 15429 7ff6fa946b7b 15428->15429 16551 7ff6fa954c20 15429->16551 15488 7ff6fa9559cc 15487->15488 15489 7ff6fa9435c9 15488->15489 15490 7ff6fa9559d1 RtlFreeHeap 15488->15490 15489->15202 15490->15489 15491 7ff6fa9559ec 15490->15491 15492 7ff6fa94fc70 _get_daylight 13 API calls 15491->15492 15492->15489 15494 7ff6fa942780 memcpy_s 15493->15494 15495 7ff6fa947490 16 API calls 15494->15495 15496 7ff6fa9427fa 15495->15496 15497 7ff6fa942839 MessageBoxA 15496->15497 15498 7ff6fa9427ff 15496->15498 15500 7ff6fa942853 15497->15500 15499 7ff6fa947490 16 API calls 15498->15499 15501 7ff6fa942819 MessageBoxW 15499->15501 15502 7ff6fa94a5f0 _wfindfirst32i64 8 API calls 15500->15502 15501->15500 15503 7ff6fa942863 15502->15503 15503->15254 15505 7ff6fa943b5c 15504->15505 15506 7ff6fa947490 16 API calls 15505->15506 15507 7ff6fa943b87 15506->15507 15508 7ff6fa947490 16 API calls 15507->15508 15509 7ff6fa943b9a 15508->15509 16598 7ff6fa950c88 15509->16598 15512 7ff6fa94a5f0 _wfindfirst32i64 8 API calls 15513 7ff6fa94367c 15512->15513 15513->15220 15514 7ff6fa946cf0 15513->15514 15518 7ff6fa946d14 15514->15518 15515 7ff6fa94f95c __vcrt_freefls 14 API calls 15516 7ff6fa9436b2 15515->15516 15516->15198 15516->15229 15517 7ff6fa946deb 15517->15515 15518->15517 15519 7ff6fa94cbe0 _fread_nolock 46 API calls 15518->15519 15519->15518 15521 7ff6fa94c8db 15520->15521 15522 7ff6fa94c8f9 15520->15522 15524 7ff6fa94fc70 _get_daylight 13 API calls 15521->15524 15523 7ff6fa94c8eb 15522->15523 17039 7ff6fa94fba0 EnterCriticalSection 15522->17039 15523->15220 15525 7ff6fa94c8e0 15524->15525 15527 7ff6fa955964 _invalid_parameter_noinfo 30 API calls 15525->15527 
15527->15523 15533 7ff6fa943057 15532->15533 15534 7ff6fa943080 15532->15534 15533->15534 15535 7ff6fa941770 18 API calls 15533->15535 15534->15200 15535->15533 15539 7ff6fa9456d4 15536->15539 15542 7ff6fa945701 15536->15542 15537 7ff6fa94376a 15537->15219 15547 7ff6fa945260 15537->15547 15538 7ff6fa9456fc 17040 7ff6fa9412b0 15538->17040 15539->15537 15539->15538 15540 7ff6fa941770 18 API calls 15539->15540 15539->15542 15540->15539 15542->15537 15543 7ff6fa945837 15542->15543 15545 7ff6fa9457d7 memcpy_s 15542->15545 15544 7ff6fa942760 18 API calls 15543->15544 15544->15537 15545->15537 15546 7ff6fa94f95c __vcrt_freefls 14 API calls 15545->15546 15546->15537 15555 7ff6fa945273 memcpy_s 15547->15555 15548 7ff6fa94f95c __vcrt_freefls 14 API calls 15550 7ff6fa945473 15548->15550 15551 7ff6fa94a5f0 _wfindfirst32i64 8 API calls 15550->15551 15552 7ff6fa94377b 15551->15552 15552->15235 15552->15236 15553 7ff6fa9454ac 15554 7ff6fa942760 18 API calls 15553->15554 15559 7ff6fa9453b6 15554->15559 15555->15553 15556 7ff6fa941440 144 API calls 15555->15556 15557 7ff6fa945495 15555->15557 15555->15559 17066 7ff6fa941650 15555->17066 15556->15555 15558 7ff6fa942760 18 API calls 15557->15558 15558->15559 15559->15548 17071 7ff6fa946ca0 15560->17071 15563 7ff6fa946ca0 31 API calls 15564 7ff6fa945215 15563->15564 15565 7ff6fa94523a 15564->15565 15566 7ff6fa94522d GetProcAddress 15564->15566 15567 7ff6fa942760 18 API calls 15565->15567 15570 7ff6fa945ae9 15566->15570 15571 7ff6fa945b0c GetProcAddress 15566->15571 15569 7ff6fa945246 15567->15569 15569->15241 15573 7ff6fa942610 16 API calls 15570->15573 15571->15570 15572 7ff6fa945b31 GetProcAddress 15571->15572 15572->15570 15574 7ff6fa945b56 GetProcAddress 15572->15574 15575 7ff6fa945afc 15573->15575 15574->15570 15576 7ff6fa945b7e GetProcAddress 15574->15576 15575->15241 15576->15570 15577 7ff6fa945ba6 GetProcAddress 15576->15577 15577->15570 15578 7ff6fa945bce GetProcAddress 15577->15578 15579 7ff6fa945bf6 GetProcAddress 
15578->15579 15580 7ff6fa945bea 15578->15580 15581 7ff6fa945c1e GetProcAddress 15579->15581 15582 7ff6fa945c12 15579->15582 15580->15579 15583 7ff6fa945c46 GetProcAddress 15581->15583 15584 7ff6fa945c3a 15581->15584 15582->15581 15585 7ff6fa945c6e GetProcAddress 15583->15585 15586 7ff6fa945c62 15583->15586 15584->15583 15587 7ff6fa945c96 GetProcAddress 15585->15587 15588 7ff6fa945c8a 15585->15588 15586->15585 15589 7ff6fa945cbe GetProcAddress 15587->15589 15590 7ff6fa945cb2 15587->15590 15588->15587 15591 7ff6fa945ce6 GetProcAddress 15589->15591 15592 7ff6fa945cda 15589->15592 15590->15589 15593 7ff6fa945d0e GetProcAddress 15591->15593 15594 7ff6fa945d02 15591->15594 15592->15591 15595 7ff6fa945d36 GetProcAddress 15593->15595 15596 7ff6fa945d2a 15593->15596 15594->15593 15597 7ff6fa945d5e GetProcAddress 15595->15597 15598 7ff6fa945d52 15595->15598 15596->15595 15599 7ff6fa945d86 GetProcAddress 15597->15599 15600 7ff6fa945d7a 15597->15600 15598->15597 15600->15599 15629 7ff6fa94587d 15628->15629 15630 7ff6fa942760 18 API calls 15629->15630 15633 7ff6fa94379c 15629->15633 15631 7ff6fa9458c9 15630->15631 15632 7ff6fa9454d0 FreeLibrary 15631->15632 15632->15633 15633->15224 17076 7ff6fa944770 15634->17076 15637 7ff6fa942ebd 15637->15247 15639 7ff6fa942e94 15639->15637 17124 7ff6fa944540 15639->17124 15641 7ff6fa942ea0 15641->15637 17135 7ff6fa944670 15641->17135 15643 7ff6fa942eac 15643->15637 15644 7ff6fa9430e0 15643->15644 15646 7ff6fa9430f5 15643->15646 15645 7ff6fa942760 18 API calls 15644->15645 15650 7ff6fa9430ec 15645->15650 15647 7ff6fa94310e 15646->15647 15658 7ff6fa943123 15646->15658 15648 7ff6fa942760 18 API calls 15647->15648 15648->15650 15649 7ff6fa94a5f0 _wfindfirst32i64 8 API calls 15651 7ff6fa943244 15649->15651 15650->15649 15651->15247 15652 7ff6fa9412b0 105 API calls 15652->15658 15653 7ff6fa941770 18 API calls 15653->15658 15654 7ff6fa9434ad 15655 7ff6fa942760 18 API calls 15654->15655 15655->15650 15656 7ff6fa94348d 15657 7ff6fa942760 18 API 
calls 15656->15657 15657->15650 15658->15650 15658->15652 15658->15653 15658->15654 15658->15656 15659 7ff6fa94f95c __vcrt_freefls 14 API calls 15658->15659 15660 7ff6fa943250 15658->15660 15659->15658 15661 7ff6fa9432ac 15660->15661 15662 7ff6fa954ba8 30 API calls 15660->15662 15663 7ff6fa9416d0 18 API calls 15661->15663 15662->15661 15664 7ff6fa9432c7 15663->15664 15665 7ff6fa9432cc 15664->15665 15672 7ff6fa9432e0 15664->15672 15666 7ff6fa954ba8 30 API calls 15665->15666 15674 7ff6fa9432d8 15666->15674 15673 7ff6fa954ba8 30 API calls 15672->15673 15672->15674 15673->15674 17140 7ff6fa9423a0 15674->17140 15690 7ff6fa94a620 15675->15690 15678 7ff6fa942659 15692 7ff6fa946fa0 15678->15692 15680 7ff6fa942690 memcpy_s 15681 7ff6fa947490 13 API calls 15680->15681 15682 7ff6fa9426e5 15681->15682 15683 7ff6fa9426ea 15682->15683 15684 7ff6fa942724 MessageBoxA 15682->15684 15685 7ff6fa947490 13 API calls 15683->15685 15686 7ff6fa94273e 15684->15686 15687 7ff6fa942704 MessageBoxW 15685->15687 15688 7ff6fa94a5f0 _wfindfirst32i64 8 API calls 15686->15688 15687->15686 15689 7ff6fa94274e 15688->15689 15689->15323 15691 7ff6fa94262c GetLastError 15690->15691 15691->15678 15693 7ff6fa946fac 15692->15693 15694 7ff6fa946fc7 GetLastError 15693->15694 15695 7ff6fa946fcd FormatMessageW 15693->15695 15694->15695 15696 7ff6fa94701c WideCharToMultiByte 15695->15696 15697 7ff6fa947000 15695->15697 15698 7ff6fa947056 15696->15698 15700 7ff6fa947013 15696->15700 15699 7ff6fa942610 13 API calls 15697->15699 15701 7ff6fa942610 13 API calls 15698->15701 15699->15700 15702 7ff6fa94a5f0 _wfindfirst32i64 8 API calls 15700->15702 15701->15700 15703 7ff6fa947085 15702->15703 15703->15680 15711 7ff6fa94fba0 EnterCriticalSection 15704->15711 15713 7ff6fa9424dc 15712->15713 15714 7ff6fa94fc70 _get_daylight 13 API calls 15713->15714 15715 7ff6fa942534 15714->15715 15727 7ff6fa94fc90 15715->15727 15717 7ff6fa94253b memcpy_s 15718 7ff6fa947490 16 API calls 15717->15718 15719 7ff6fa942590 15718->15719 
15720 7ff6fa9425cf MessageBoxA 15719->15720 15721 7ff6fa942595 15719->15721 15723 7ff6fa9425e9 15720->15723 15722 7ff6fa947490 16 API calls 15721->15722 15724 7ff6fa9425af MessageBoxW 15722->15724 15725 7ff6fa94a5f0 _wfindfirst32i64 8 API calls 15723->15725 15724->15723 15726 7ff6fa9425f9 15725->15726 15726->15338 15728 7ff6fa958660 _get_daylight 13 API calls 15727->15728 15729 7ff6fa94fca2 15728->15729 15730 7ff6fa94fcaa 15729->15730 15731 7ff6fa959550 _get_daylight 13 API calls 15729->15731 15734 7ff6fa94fcdd 15729->15734 15730->15717 15732 7ff6fa94fcd2 15731->15732 15733 7ff6fa9559cc __free_lconv_mon 13 API calls 15732->15733 15733->15734 15734->15730 15739 7ff6fa959d00 15734->15739 15737 7ff6fa955984 _wfindfirst32i64 17 API calls 15738 7ff6fa94fd6b 15737->15738 15742 7ff6fa959d18 15739->15742 15740 7ff6fa959d1d 15741 7ff6fa94fc70 _get_daylight 13 API calls 15740->15741 15745 7ff6fa94fd49 15740->15745 15747 7ff6fa959d27 15741->15747 15742->15740 15744 7ff6fa959d62 15742->15744 15742->15745 15743 7ff6fa955964 _invalid_parameter_noinfo 30 API calls 15743->15745 15744->15745 15746 7ff6fa94fc70 _get_daylight 13 API calls 15744->15746 15745->15730 15745->15737 15746->15747 15747->15743 15749 7ff6fa9475c4 WideCharToMultiByte 15748->15749 15750 7ff6fa947632 WideCharToMultiByte 15748->15750 15752 7ff6fa9475ee 15749->15752 15756 7ff6fa947605 15749->15756 15751 7ff6fa94765f 15750->15751 15754 7ff6fa943aa5 15750->15754 15753 7ff6fa942610 16 API calls 15751->15753 15755 7ff6fa942610 16 API calls 15752->15755 15753->15754 15754->15347 15754->15349 15755->15754 15756->15750 15757 7ff6fa94761b 15756->15757 15758 7ff6fa942610 16 API calls 15757->15758 15758->15754 15760 7ff6fa94655e 15759->15760 15761 7ff6fa954bbf 15759->15761 15760->15365 15761->15760 15762 7ff6fa954c48 30 API calls 15761->15762 15763 7ff6fa954bec 15762->15763 15763->15760 15764 7ff6fa955984 _wfindfirst32i64 17 API calls 15763->15764 15765 7ff6fa954c1c 15764->15765 15767 7ff6fa9417d4 15766->15767 15768 

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
• Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                                                                                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                • API String ID: 435049134-239921721
                                                                                                                                                                                                                • Opcode ID: 58cdc8587cf83bd56faf21a3990621100b965ba913e33c42328a1e7fc78fe5cb
                                                                                                                                                                                                                • Instruction ID: e7e6d02c836bcddddaf44b2e0cadec40e8383f60ec113c47e50cec0ee02f4222
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 58cdc8587cf83bd56faf21a3990621100b965ba913e33c42328a1e7fc78fe5cb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4CB1F226A2860286E720DF26D8915BA67A0FF85794F408175EE6DC7BD7FF3CE4418780

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetTempPathW.KERNEL32(?,00000000,?,00007FF6FA94629D), ref: 00007FF6FA94636A
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA9464E0: GetEnvironmentVariableW.KERNEL32(00007FF6FA943589), ref: 00007FF6FA94651A
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA9464E0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6FA946537
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA951D4C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6FA951D65
                                                                                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF6FA946421
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA942760: MessageBoxW.USER32 ref: 00007FF6FA942831
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                • API String ID: 3752271684-1116378104
                                                                                                                                                                                                                • Opcode ID: 89f4f13dd664ba0bc340b41257361aab39224dec25ee424ed108af5fde1da387
                                                                                                                                                                                                                • Instruction ID: 28b5740d04768dcd5dbd77e2e8b8cebab3a51a58d47dae6174975aa822a9dab3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 89f4f13dd664ba0bc340b41257361aab39224dec25ee424ed108af5fde1da387
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8517A51B3864354FF58A726A9252BA6291BF89BC0F4494B1ED3ECBBD7FD2CE4018350

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _get_daylight_invalid_parameter_noinfo$FreeHeapInformationTimeZone
                                                                                                                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                • API String ID: 428190724-239921721
                                                                                                                                                                                                                • Opcode ID: 55e869582554ddb5549c8990e86a244669a00d33a611132a5f4e4556225478bd
                                                                                                                                                                                                                • Instruction ID: e2365d3fadf0196221a554155ebef2fa04e7546634a61a7d2c35d888de1792ed
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55e869582554ddb5549c8990e86a244669a00d33a611132a5f4e4556225478bd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B7616036A2864286E720DF25D5915B967A0FF49794F8081B5EA6DC3BD7FF3CE4008740
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 25ffa3ad9a6848d6b15a33b5fbcc7b2dc7f8eca4e988235b3d8984f97c270caa
                                                                                                                                                                                                                • Instruction ID: 830e60922477b51f0828b2bb04d0f41be96f02445d13e54c663d40a602179f16
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25ffa3ad9a6848d6b15a33b5fbcc7b2dc7f8eca4e988235b3d8984f97c270caa
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E029C21A3E74748FB659B29E40227926D4AF01BA2F5446B5DE7DCA7D3FE3DE8018310

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                • API String ID: 2153230061-4158440160
                                                                                                                                                                                                                • Opcode ID: 320f3964a2904e40c61c5f8f551b81845132cf9ff697b3714dfa5a7d511f77b3
                                                                                                                                                                                                                • Instruction ID: defb56315fec42a75b6c0a945ec578e9e7ba8dde645a39b052b0fe70ce9e0377
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 320f3964a2904e40c61c5f8f551b81845132cf9ff697b3714dfa5a7d511f77b3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E512972A29A0686EB54CF29E45017863A0FF88B58B658176DE3DC77DAEF3CE444C740

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                • API String ID: 0-666925554
                                                                                                                                                                                                                • Opcode ID: 05b8cbc74cc50b7cd9cbad9e19d50902b192279eb8d66a9115f7bb2ad8a5f9e6
                                                                                                                                                                                                                • Instruction ID: 90d87a5542e5a6e2143f3d0d9afce207adf62d8bc7791c8dda705baee1cde582
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05b8cbc74cc50b7cd9cbad9e19d50902b192279eb8d66a9115f7bb2ad8a5f9e6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD516661B2864285FB20DB26E4506B96354BF46B98F5485B2DE3DC7BE7FE2CE544C300

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                • API String ID: 4998090-2855260032
                                                                                                                                                                                                                • Opcode ID: f515d8a4910595a1e5bf26f4997a76020f6f15d78e07488f804649bbdff88515
                                                                                                                                                                                                                • Instruction ID: 1b92f1439c7d355eb561aaf7064f1809fb308d07935caecb451c2e428727f6b8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f515d8a4910595a1e5bf26f4997a76020f6f15d78e07488f804649bbdff88515
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3418F3262868682EB509F11F8506AA63A1FF85790F444271EE7EC7BD6EF3CE408C740

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1330151763-0
                                                                                                                                                                                                                • Opcode ID: d121c7e434188e1b59c11ae7c5eb2a34e011b9b37a129bdee774847c0c4b5b89
                                                                                                                                                                                                                • Instruction ID: e0b5130a3716fcae8ffb6af5ebbae5216b514bc4e6912f27ec77b9c4d3460e28
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d121c7e434188e1b59c11ae7c5eb2a34e011b9b37a129bdee774847c0c4b5b89
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3FC1AF37B28A428AEB10CF69C4916AC3765FB4AB98B114275DE2ED77D6EF38D051C340

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA943A40: GetModuleFileNameW.KERNEL32(?,00007FF6FA94353B), ref: 00007FF6FA943A71
                                                                                                                                                                                                                • SetDllDirectoryW.KERNEL32 ref: 00007FF6FA943747
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA9464E0: GetEnvironmentVariableW.KERNEL32(00007FF6FA943589), ref: 00007FF6FA94651A
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA9464E0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6FA946537
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                • API String ID: 2344891160-3602715111
                                                                                                                                                                                                                • Opcode ID: caa9f187c07c7c41c999412a3a1723539e7f86d7b35eb7c7cdeaf40149b7c97a
                                                                                                                                                                                                                • Instruction ID: 38395ad110764fe2b34843a0a6e57ff23a8a336a6b5fc49aec3f56d0f8e968f1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: caa9f187c07c7c41c999412a3a1723539e7f86d7b35eb7c7cdeaf40149b7c97a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F0B15B61A3868355FF64AB3194512BE6294BF84784F8080B6EE7DC77DBFE2CE6058740

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                • API String ID: 2030045667-1060636955
                                                                                                                                                                                                                • Opcode ID: 025fd8c7b388894595fd09875063e8166dd59f355302fd29ded6a1203f7eb82c
                                                                                                                                                                                                                • Instruction ID: 38c64c2140a2cad4844d4fd80a6939947afc3633b25f8ec1d05a15b91a5f8be3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 025fd8c7b388894595fd09875063e8166dd59f355302fd29ded6a1203f7eb82c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA51DE22A2868285EB609B51E4403BA6291FF85794F5481B2EE7EC77D7FF3CE404C340

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA947490: MultiByteToWideChar.KERNEL32 ref: 00007FF6FA9474CA
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA9529DC: SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF6FA954CC0), ref: 00007FF6FA952A49
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA9529DC: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF6FA954CC0), ref: 00007FF6FA952A64
                                                                                                                                                                                                                • GetStartupInfoW.KERNEL32 ref: 00007FF6FA946B47
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA954C20: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6FA954C34
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA952590: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6FA9525F7
                                                                                                                                                                                                                • GetCommandLineW.KERNEL32 ref: 00007FF6FA946BCF
                                                                                                                                                                                                                • CreateProcessW.KERNELBASE ref: 00007FF6FA946C11
                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32 ref: 00007FF6FA946C25
                                                                                                                                                                                                                • GetExitCodeProcess.KERNELBASE ref: 00007FF6FA946C35
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                • API String ID: 1742298069-3524285272
                                                                                                                                                                                                                • Opcode ID: 34d3020eba07ba2d97dcf2fb01128670c0ea838258e1194f51c279e9e3a7fdcb
                                                                                                                                                                                                                • Instruction ID: dc5b00b76fe489c3f02791de5159eda89b67be00343991f796ab0891632504bc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34d3020eba07ba2d97dcf2fb01128670c0ea838258e1194f51c279e9e3a7fdcb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32415132A2C78286E710DB64E4512AAB3A0FF95350F004576EAADC3BD6FF7CD0558B40

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                • Opcode ID: ebd7444367072219966275c470e2b77938e3cc8ba9916451fa94e3284f505fc6
                                                                                                                                                                                                                • Instruction ID: 9933492e775859d3b17754f5ede3b98bb09490f370c2e29d59ae52f2aecdf004
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ebd7444367072219966275c470e2b77938e3cc8ba9916451fa94e3284f505fc6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53C1AF22A2C74749EB605B1990422B97BE1FB80B82F4941B1DB7DC77D3EE7CE4558740

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6FA95778A
                                                                                                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6FA957707,?,?,?,00007FF6FA95136B), ref: 00007FF6FA957848
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6FA957707,?,?,?,00007FF6FA95136B), ref: 00007FF6FA9578D2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2210144848-0
                                                                                                                                                                                                                • Opcode ID: d06b69eb54db138b2fabc1b490ae97352d3858303d3e99d72cf8a1c469c90f76
                                                                                                                                                                                                                • Instruction ID: 8c020a156babc7f158d18cec593b79a02588c0500ec5121a438be4996dc128e9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d06b69eb54db138b2fabc1b490ae97352d3858303d3e99d72cf8a1c469c90f76
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC818D22E286128DF7109B6998522B927F0BB44B96F4449B1DE2ED77D3EF3CE545C320

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4144305933-0
                                                                                                                                                                                                                • Opcode ID: 905a242882acf3dcbb492acab9fca3e2a56a9f2e6c63301775e57231c58ea269
                                                                                                                                                                                                                • Instruction ID: e6f31bda7045c247b9b62ce48f196c0f4ec1e55bbede6543fb0c875065ffc582
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 905a242882acf3dcbb492acab9fca3e2a56a9f2e6c63301775e57231c58ea269
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF313F21E7C10345FB64AB69A4523B92792BF91785F5480B4DE7ECBBD7FE2CA8058200

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4170891091-0
                                                                                                                                                                                                                • Opcode ID: 1e89f32c8738a6adba9b4243f60db3606398dcc5d4dd087393c0fa2c4f991abe
                                                                                                                                                                                                                • Instruction ID: c4ad39bd802aa57aee340af749513d683b51eebbb2fd7466cb19594c2cd8c119
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e89f32c8738a6adba9b4243f60db3606398dcc5d4dd087393c0fa2c4f991abe
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C51D672F242128EEB18CB6CD98A5BC27E5AF44359F540175DE2ED6ED6EF3CA4058700

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2780335769-0
                                                                                                                                                                                                                • Opcode ID: 6dc1fe3e67db78ba05ff380342028693a4fa93987a2dd2de1e1e4c9ede446661
                                                                                                                                                                                                                • Instruction ID: 81346fe25ae84419d7254ff5a6dbd9d8a291f48b31c99b203528e781d37d4ab3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6dc1fe3e67db78ba05ff380342028693a4fa93987a2dd2de1e1e4c9ede446661
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8517A22E286428EFB10CFA5D4813BD23E1AB48B59F148174DE2DDB78AEF38D4858741
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseCreateDriveFileHandleType_invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2907017715-0
                                                                                                                                                                                                                • Opcode ID: 2e9f51862bea0f784220eb21cb60309d8ddf4c05621d68dd0f99bab33618c716
                                                                                                                                                                                                                • Instruction ID: 5a5e1b4b73206251e8efba67bd001b076adc2322c2a62d78713f2c8a86f22f15
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2e9f51862bea0f784220eb21cb60309d8ddf4c05621d68dd0f99bab33618c716
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2431C532D287924BE7509F2595002697690FB85BA4F148375EEBCC3AD3EF3CE5A18750
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                                                • Opcode ID: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
                                                                                                                                                                                                                • Instruction ID: 4ffae17aa9cf940964a164f5dbbbead029fbe4e8130c5b458b71818a786cafc4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5EE04820B7570147E7546735D9D627912965F85742F0055B8D82FC23E3EE3DE4488340
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
• Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: try_get_function
                                                                                                                                                                                                                • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                                                                                                • API String ID: 2742660187-2031265017
                                                                                                                                                                                                                • Opcode ID: 7c477a6e0260293fc4875704b17d5099e40d7a8fa35e17519be663d6003857eb
                                                                                                                                                                                                                • Instruction ID: 91679ca27a22248d5996b5f78462c4935753158fd83e3ec6533b649764570e2f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c477a6e0260293fc4875704b17d5099e40d7a8fa35e17519be663d6003857eb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: EAE04F95E2950691FB154BB5B8011B02260DF09770F4803B2ED3CC63D2BE6CDDD58280
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                • Opcode ID: 3a360d2ad2bb13cf9f8ab5b50ae1311b61a053adb877290eeecf37944b2da1b9
                                                                                                                                                                                                                • Instruction ID: 102793b1c6f090bc18bde06ff3c1fc22278d62d0bccd1ece4f358fbe6e29aa9c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a360d2ad2bb13cf9f8ab5b50ae1311b61a053adb877290eeecf37944b2da1b9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8751B422B2964249FB68DE36940067A6691BF44BA4F08C276DE7DD77D7FE3CE4019600
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA9500ED), ref: 00007FF6FA95020C
                                                                                                                                                                                                                • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA9500ED), ref: 00007FF6FA950220
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1707611234-0
                                                                                                                                                                                                                • Opcode ID: 0eaf3b3217e949b2d1843143c589130ed5bb45f9e3ac99212c08a79cd93a5246
                                                                                                                                                                                                                • Instruction ID: 10936345bf0e3bdafcaa6bcf1ba16d06c5db56418e905f3f47c3b2a78b89b3f9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0eaf3b3217e949b2d1843143c589130ed5bb45f9e3ac99212c08a79cd93a5246
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85118C62F286128DFB548B6594120BD37F0AB48B2AB400275EE7ED5AD9FF38D090C710
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetFilePointerEx.KERNELBASE(?,?,?,00007FF6FA9577DF,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA957707), ref: 00007FF6FA956B00
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6FA9577DF,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA957707), ref: 00007FF6FA956B0A
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2976181284-0
                                                                                                                                                                                                                • Opcode ID: 1070729c18fb5a550bb7979bd9dd777fb7470f3e740498ab44d3ee6d69d9d9f5
                                                                                                                                                                                                                • Instruction ID: 3c4150859ddafbc603eced56623ee01833c192e66142bc3f82f85216e88547c2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1070729c18fb5a550bb7979bd9dd777fb7470f3e740498ab44d3ee6d69d9d9f5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA01C462B2CA8241EB109B69E8450797291AF44BF1F588371EA7ECB7D6EE7CD4518300
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA951E99), ref: 00007FF6FA95203F
                                                                                                                                                                                                                • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA951E99), ref: 00007FF6FA952055
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1707611234-0
                                                                                                                                                                                                                • Opcode ID: 9bba130d84977ab18fcd365510e816d73f80cae2fb6a2fa4e9637845de17096b
                                                                                                                                                                                                                • Instruction ID: 107f4b39f36c26087fe2721245682ee66976d09fab004fedde7b9cf19ad4c3db
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bba130d84977ab18fcd365510e816d73f80cae2fb6a2fa4e9637845de17096b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB01522152C65186E7505B25E40113AB7F1FB85762F600275E6BDC5AD9FF7DD050CB01
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DeleteErrorFileLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2018770650-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DirectoryErrorLastRemove
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 377330604-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CloseHandle.KERNELBASE(?,?,?,00007FF6FA955A57,?,?,00000000,00007FF6FA955AFF,?,?,?,?,?,?,00007FF6FA94C892), ref: 00007FF6FA955B8A
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6FA955A57,?,?,00000000,00007FF6FA955AFF,?,?,?,?,?,?,00007FF6FA94C892), ref: 00007FF6FA955B94
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 918212764-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide_findclose
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2772937645-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _fread_nolock
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 840049012-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3947729631-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalDeleteSection
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 166494926-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA952BB8: DeleteFileW.KERNELBASE ref: 00007FF6FA952BBC
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA952BB8: GetLastError.KERNEL32 ref: 00007FF6FA952BC6
                                                                                                                                                                                                                • Sleep.KERNEL32(0000000100000000,00007FF6FA94690E,00000000,00007FF6FA9438F7), ref: 00007FF6FA946F6A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DeleteErrorFileLastSleep
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3792865491-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,00000000,00007FF6FA9586BD,?,?,00000000,00007FF6FA94FC79,?,?,?,?,00007FF6FA9559F1), ref: 00007FF6FA9595A5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                                • Opcode ID: afbdb11ed1b08d377bc5fadb4004119812ee57a7d3acb3d5a3c71706b847d8e8
                                                                                                                                                                                                                • Instruction ID: 4a7aad70269ecf8b4e1406f006e8e1ed8b4f7cfe007e65ee93bc491de0066d2e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: afbdb11ed1b08d377bc5fadb4004119812ee57a7d3acb3d5a3c71706b847d8e8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30F06D4CB2A20349FF5457AA99022B513D65F98B92F4C40B0DD2FC63D3FF1CE4A28220
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                                • Opcode ID: da64b355eaac81519204d4bb0c2681d204a24ced9ca617c428c4ac08c8bc7bff
                                                                                                                                                                                                                • Instruction ID: af207f6ca77ad9c2cdf8e76611a021efd83277df7eb84fb10a91409a361311b9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: da64b355eaac81519204d4bb0c2681d204a24ced9ca617c428c4ac08c8bc7bff
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10F08C11B3D20749FB6467AA584237522E45F84BB2F080AB4DC3EC63C3FE2CA5418A20
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc
                                                                                                                                                                                                                • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                                                • API String ID: 190572456-139387903
                                                                                                                                                                                                                • Opcode ID: 25571350705606e69c6884172ef84a6fbccfbccdf8a43baf74e4d03ce1e63489
                                                                                                                                                                                                                • Instruction ID: 81225353e495652102bd2ed7a77a1e03f7d2008b35394d583cdbd43cf1eaf0b4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25571350705606e69c6884172ef84a6fbccfbccdf8a43baf74e4d03ce1e63489
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F328064A2EB0391FB19CB18A85017423B5BF4A741B8494B9CD3EC63E6FF7DE548D680
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                                • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                • API String ID: 2446303242-1601438679
                                                                                                                                                                                                                • Opcode ID: 405cae881102fd9b4288b25694fdcb7e510b233441f66b6cc7a0f1c85a4d260d
                                                                                                                                                                                                                • Instruction ID: ba5b3c67a748eb600e664a834b5da9a2face46a9fa0a5c1219a8f22786e99a79
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 405cae881102fd9b4288b25694fdcb7e510b233441f66b6cc7a0f1c85a4d260d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DCA16936228B81C6E7149F21E45479AB374FB88B90F504139EB9D83B65EF7DE164CB80
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                • API String ID: 808467561-2761157908
                                                                                                                                                                                                                • Opcode ID: 22e86934e9aa7124c19ddb337e70a2f8114e375dd55049989a6c0d29b15b255f
                                                                                                                                                                                                                • Instruction ID: 1d46a4d9abb5776a53d6ac15d1ac4c229f24213d86f8a46cc20856137bb342fa
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 22e86934e9aa7124c19ddb337e70a2f8114e375dd55049989a6c0d29b15b255f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9B2C272A282928FE7258F68D5417F937E1FB44389F405175DA2ED7AC6EF39A900CB40
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00007FF6FA942690), ref: 00007FF6FA946FC7
                                                                                                                                                                                                                • FormatMessageW.KERNEL32(00000000,00007FF6FA942690), ref: 00007FF6FA946FF6
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32 ref: 00007FF6FA94704C
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA942610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6FA947233,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA94101D), ref: 00007FF6FA942644
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA942610: MessageBoxW.USER32 ref: 00007FF6FA94271C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                • API String ID: 2920928814-2573406579
                                                                                                                                                                                                                • Opcode ID: 3a12c33edb148940672c099e74b863588d93d4457ec079783bd0d804bbb9806a
                                                                                                                                                                                                                • Instruction ID: dd70c0d3d40d1b543a944e81116b369bdcba589f341a08f1cc6861cff38ee1de
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a12c33edb148940672c099e74b863588d93d4457ec079783bd0d804bbb9806a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4213D71A38A4292FB609F21E85026A6375FF49384F844175EA6DC27E6FF3CE545C740
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
• Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                • API String ID: 0-2665694366
                                                                                                                                                                                                                • Opcode ID: 049921a658be687a5ad71860aa43a6d749bd02c33d2519cf778dba4da53bf44e
                                                                                                                                                                                                                • Instruction ID: 0a3ccc205473faf0590a1575ab32e755ec1f1210a98994ed41abcbdef49f7177
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 049921a658be687a5ad71860aa43a6d749bd02c33d2519cf778dba4da53bf44e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A52D772A246AA8BD7948F14D498A7E37ADFB84340F01C179DA69C37C1EF39E944CB40
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
• Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3140674995-0
                                                                                                                                                                                                                • Opcode ID: e440e0af2a8a59d969f9bdb60f36ca4ebaa98fd206effc6c2ec9c6feadcd0944
                                                                                                                                                                                                                • Instruction ID: fd2f051cb6d1d94451898b3bac2d2c22100d7cd9c510c5b08c7a648d94ae0b4d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e440e0af2a8a59d969f9bdb60f36ca4ebaa98fd206effc6c2ec9c6feadcd0944
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2313072629B818AEB609F60E8803ED7364FB45744F44407ADA6EC7BD6EF38D548C710
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
• Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                • Opcode ID: 37001c61dc4f3eed81f14e1e40c76d842fb23aae6b6f71e9e67832284e23fd88
                                                                                                                                                                                                                • Instruction ID: e04db9de45e0c51d42e90f8984b7541ffe27ebc02a25aeccd53f6579dd8258e0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 37001c61dc4f3eed81f14e1e40c76d842fb23aae6b6f71e9e67832284e23fd88
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19A1D463B2868689EB10DB6AD8015BA63E0FB45BD5F444176EE6DC7BC6EF3CD4458300
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
• Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                                                                                                • Opcode ID: 7af9a718ba771edf7e69dad524d47659ead305be643fa1df24af60c020ca3b2e
                                                                                                                                                                                                                • Instruction ID: 10bf9cdb5491c75c3745c8b14297e346f4dac5274192bf866fc33f79729780c8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7af9a718ba771edf7e69dad524d47659ead305be643fa1df24af60c020ca3b2e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 67317436628B818AD764CF25E8402AE73A4FB89754F540135EAADC7B96EF3CC145C700
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
• Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1443284424-0
                                                                                                                                                                                                                • Opcode ID: 0a19410c419814db5db070c5d12a1b78bfb040d79319ef459e0b6fcfc05cf743
                                                                                                                                                                                                                • Instruction ID: 9ed915da3e8474891d27e2af740fbfda327cac000d894ebdf7993cf946e32416
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a19410c419814db5db070c5d12a1b78bfb040d79319ef459e0b6fcfc05cf743
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88E11272B28A819AE700CF68D0411AD7BB1FB45788F044576EE6ED7BDAEE38D516C700
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
• Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: ?
                                                                                                                                                                                                                • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                • Opcode ID: 04833c3b7dc3858268eb9e0a584bbc25512f1991472f0a42b83565db3ec32565
                                                                                                                                                                                                                • Instruction ID: 8465d362747d58f8e762db9a7ec0218edeeeddef6d62e71e33e8012b3d982647
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 04833c3b7dc3858268eb9e0a584bbc25512f1991472f0a42b83565db3ec32565
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D4910726E2825249EB209B29D45127A67A1EF81BE4F508171EE6DC7BD7FF3CD441C780
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
• Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: $header crc mismatch$unknown compression method$unknown header flags set
                                                                                                                                                                                                                • API String ID: 0-4074041902
                                                                                                                                                                                                                • Opcode ID: 3ccf8dfa57ebed5ae874e87ea7e697ea666599418b435e4c2251ebe5a9e21131
                                                                                                                                                                                                                • Instruction ID: 1cdf7fc13ef733326f6fb3640a20933d38efa58dabd4f5debec844788d94c63c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3ccf8dfa57ebed5ae874e87ea7e697ea666599418b435e4c2251ebe5a9e21131
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1F1A47262839986E7A59F15C088A3A3BA9FF44740F0585B9DE79C73D2EF38E840C740
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy_s
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1502251526-0
                                                                                                                                                                                                                • Opcode ID: 61c8d48a73c74d7b2b5693099c23eccbf95a4682f3061de545b2f75f73c9d44c
                                                                                                                                                                                                                • Instruction ID: 55b1f83072bcd6f6635b9f32f4abbe9283e8e85964eb6028b75c5cbcac9a45dd
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61c8d48a73c74d7b2b5693099c23eccbf95a4682f3061de545b2f75f73c9d44c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72C1C372B282868BEB24CF1DE24566AB7D1F794785F448135DB5AC3785EE3EE801CB40
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                                                                                                                                                                                                                • API String ID: 0-3255898291
                                                                                                                                                                                                                • Opcode ID: 5ccc26b74eac166d3016146671465d669a63232148addc042f7b457501de7681
                                                                                                                                                                                                                • Instruction ID: 1306e5e44265541bb302bfb81cd434bee48b0978eef41681dd7e7b0b38e715c7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ccc26b74eac166d3016146671465d669a63232148addc042f7b457501de7681
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30D11132A285D18BD7598B29D44427D3BA1F795750F14827AEEAAC3BC2EE3CD909C700
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: incorrect header check$invalid window size$unknown compression method
                                                                                                                                                                                                                • API String ID: 0-1186847913
                                                                                                                                                                                                                • Opcode ID: 933fdda2a0a693fb4704c872a706b9889a7611392e337090ac754fb873cc17c4
                                                                                                                                                                                                                • Instruction ID: e5752723072f58cbd334e82953c13539a9b1377f3b26c25e34dc9dca48882523
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 933fdda2a0a693fb4704c872a706b9889a7611392e337090ac754fb873cc17c4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14918972A2839A87E7A49E15D488A3A37A9FF44350F11C1B5DE79C67C1EF38E944CB40
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: $ $invalid block type
                                                                                                                                                                                                                • API String ID: 0-2056396358
                                                                                                                                                                                                                • Opcode ID: 6941b897d4e00403c18809f6a673ff2f5a89638ff58ad76ef09c7e80b304dd39
                                                                                                                                                                                                                • Instruction ID: d7fb322e11494f24b75645aaae40562e428b84092e9d1bed82da3d88a30d9ace
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6941b897d4e00403c18809f6a673ff2f5a89638ff58ad76ef09c7e80b304dd39
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1C61A5B292479A8AE7609F15D88C63A3AACFB44350F11C1B5DA78C27D1FF39E545CB40
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: gfffffff
                                                                                                                                                                                                                • API String ID: 3215553584-1523873471
                                                                                                                                                                                                                • Opcode ID: 6e6b374e358ffb98ed3835fe1ad345463b8c13656902312dc80815bb4bc071b0
                                                                                                                                                                                                                • Instruction ID: bc6383adbf2ef1532047cce79e40cbf287427627d1f78b04d1c98cf842f56811
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e6b374e358ffb98ed3835fe1ad345463b8c13656902312dc80815bb4bc071b0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34913262B293C68AEB15CB2990113B96BD4AB51BC4F04C072CE6DDB7C2EE3DE502D301
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6FA959236
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA955984: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6FA955961), ref: 00007FF6FA95598D
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA955984: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6FA955961), ref: 00007FF6FA9559B2
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: -
                                                                                                                                                                                                                • API String ID: 4036615347-2547889144
                                                                                                                                                                                                                • Opcode ID: 9a225e88cd471c9f0d28c8492e0b3f4a847acdc232b1f098b5a0036e8607a1c4
                                                                                                                                                                                                                • Instruction ID: c61883cbdb1a4b99ee8d40a750830f81a068a0ac2fc73d0df5f9622bda8be23c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a225e88cd471c9f0d28c8492e0b3f4a847acdc232b1f098b5a0036e8607a1c4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB910576A283858AEB60CB1AD541769B7D1FB85BD0F444275EAADC3BDAEF3CD4008700
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 15204871-0
                                                                                                                                                                                                                • Opcode ID: cc44eefe37f4df5582d82a49112138722456b84e82797c40e34ba7e475433f75
                                                                                                                                                                                                                • Instruction ID: 0165d83947e0ebe49ed4c0385518b7cee6a64006de2a6a59501ec51a63c94434
                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc44eefe37f4df5582d82a49112138722456b84e82797c40e34ba7e475433f75
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E8B16B73A10B848BEB15CF29C48626937E0FB85B88F148979DA6DC7BA5DF39D411C740
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _get_daylight_invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 474895018-0
                                                                                                                                                                                                                • Opcode ID: 46d0a04ab260b9a3a97bb36ab95096af4939c4d58eb1b6c462ed920786b6fec8
                                                                                                                                                                                                                • Instruction ID: 4bdf7cd4e258f6e0525603cf620da76ff5f01fa5eb6d970db18d9c6e7a77699a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 46d0a04ab260b9a3a97bb36ab95096af4939c4d58eb1b6c462ed920786b6fec8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0671F222A2C2824AFB644E6994D063D76C1EF42364F18C6B9DA7DC77D7FE7DE8408640
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 3215553584-4108050209
                                                                                                                                                                                                                • Opcode ID: a375ce7d8ac190a774d9db1b0bbd49aa5845f631dc9fe3244db92a46c16961f0
                                                                                                                                                                                                                • Instruction ID: 22ee60252dba395a6bdd93cecef62e120bb40a3480f802fbe12b4fa9fcddf925
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a375ce7d8ac190a774d9db1b0bbd49aa5845f631dc9fe3244db92a46c16961f0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C719025A3C24382EBB89A1980406F92291FF44744F84D5B6DDBAD77DBFE2DE8438705
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: TMP
                                                                                                                                                                                                                • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                • Opcode ID: 9ffd14bf24be83997019ffd4c3cae73ac9f88f7c325cb67969f22f625a7b8b58
                                                                                                                                                                                                                • Instruction ID: 21c52afb69d861b9f1f6e3c8b85438e18d41f23f8d2b5e64d037f1ad05e6e240
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ffd14bf24be83997019ffd4c3cae73ac9f88f7c325cb67969f22f625a7b8b58
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1610615B2835349FB28AB2A9D1317A62D5AF45BC6F4880B5CE2DC77D7FE3CE4468600
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                • API String ID: 3215553584-4108050209
                                                                                                                                                                                                                • Opcode ID: b79696a407a2e1f99417375bab57c27b4c70aed7112a41bb3197fc5d58abf242
                                                                                                                                                                                                                • Instruction ID: ce6eee55a686b2980c19ffac5dabe2f1185d4ab4b06b81e9095a31b076afd250
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b79696a407a2e1f99417375bab57c27b4c70aed7112a41bb3197fc5d58abf242
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15610335E3C24346FF684A2950003FA5792BF42B48F5495B5DDB8C76DBEE2DE8468B01
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HeapProcess
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 54951025-0
                                                                                                                                                                                                                • Opcode ID: 8801fbc29237cde97098c2992bb5712ac8fa4bdca70bfcd9b7dcc25e25bd9bb3
                                                                                                                                                                                                                • Instruction ID: ed0572d7eaf8d1fd207382497c16c2459f94b893e981bf9e00aefa3308916334
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8801fbc29237cde97098c2992bb5712ac8fa4bdca70bfcd9b7dcc25e25bd9bb3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 45B09220E2BA02C2EB082B51ACC221423A97F89720F8900B8C42DC0361EF2C20A59760
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 1385a6dc4bf741762803ad4c6cf90cf37c55bf401a043c8da06b4fed85b1e8de
                                                                                                                                                                                                                • Instruction ID: 926b56a6ce344f327ca2726206bb0d0455d256d09bb418d3e1ff9831f3cb9969
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1385a6dc4bf741762803ad4c6cf90cf37c55bf401a043c8da06b4fed85b1e8de
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 047183777301749BEB648B2E9514AB93390F36A349FC5A115EB8487B81CE3E7921CF50
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
                                                                                                                                                                                                                • Instruction ID: 5d5b1badb48a7921dd5720981576841bd7e3c5ae695881c4772359247cdca370
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3541A352C2E74A0CEB99891C0902BB826C0AF22BA3D5857F4DEBDD77C7FD0D75868640
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                • Opcode ID: 8958e6767b35e025a777fc64e267e5a93d0e49a495af46bf7bc8d34417ddc14c
                                                                                                                                                                                                                • Instruction ID: 9446de74289cb9235bae3931695a9d23cef90ffaf43455269e3711dd2f5cc9ed
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8958e6767b35e025a777fc64e267e5a93d0e49a495af46bf7bc8d34417ddc14c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C41C222724A5586EF48CF2AD91516973A1FB88FE4B499032DE5DD7B99EE3CD0468300
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 4bd83198f846778d29d018d0185ecddc9eeca64a8fdced8fb6dbde6c39c1dffb
                                                                                                                                                                                                                • Instruction ID: 39f5cda90cb6349265b99db005566d61e557613d54cb37abf72b3c847d1be28c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4bd83198f846778d29d018d0185ecddc9eeca64a8fdced8fb6dbde6c39c1dffb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8FF06871B682558ADB988F29BC0262977E0F7083C0F80807AD99DC3B44EE3C90519F04
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 5d3e1ff0ce676b4cbccc0a96f9ce58280626e59de3549e9ee2853c98f0f76dbb
                                                                                                                                                                                                                • Instruction ID: bf37a4c355dafa6e52330bbc4b172e5a3c7429a92312174d251b13f42f225cae
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d3e1ff0ce676b4cbccc0a96f9ce58280626e59de3549e9ee2853c98f0f76dbb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7DA0026193CD02D0E7048B04E9D00382738FF51301B8280B1C53EC12EABF3EE500C340
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                • API String ID: 2238633743-1453502826
                                                                                                                                                                                                                • Opcode ID: e95c3f220ff907c97ac3a5505cef918bda10cea1a09b7661ea358f21aa108c0d
                                                                                                                                                                                                                • Instruction ID: b9215dc6d111743735ffa5e9f57f1c2cf2e2035110d0b198b69defe3d6390f62
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e95c3f220ff907c97ac3a5505cef918bda10cea1a09b7661ea358f21aa108c0d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B0E18464A3EB0391EB558B54E8A017823B9BF46740B8491B5C93EC67E6FF7CE944C290
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                • String ID: P%
                                                                                                                                                                                                                • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                • Opcode ID: aae4e62fcfd093211e570d6b90d2c8fdd41e88a62d8dc34d7df732e47f0cc643
                                                                                                                                                                                                                • Instruction ID: a7c447e43c56698703f158195486d9f614bee9a77c7fa222e3e7ae1b74cedceb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: aae4e62fcfd093211e570d6b90d2c8fdd41e88a62d8dc34d7df732e47f0cc643
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E051D5226287A186D7349F26E0185BAB7A1FB58B61F004135EFDE83785EF7DD045DB10
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                • Opcode ID: e5fd9c85d6f886ee8065fb6fd571017a186f9e391fe1039f7508cc12baab45bf
                                                                                                                                                                                                                • Instruction ID: 304823c2dd1c2e978a00d4e6c08be4c81d0219555c87e1ab02aa42a78dc404a1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e5fd9c85d6f886ee8065fb6fd571017a186f9e391fe1039f7508cc12baab45bf
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA416B22B2864282EB24DB16E4502BA63A4FF45B94F948472DE7DC7BD6FE3CE441C300
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6FA94101D), ref: 00007FF6FA94718F
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6FA94101D), ref: 00007FF6FA9471DF
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                • API String ID: 626452242-27947307
                                                                                                                                                                                                                • Opcode ID: 0479d7125ede5794cb059df8a79c3556dab816403aa94870206e97f7c2a4f6c1
                                                                                                                                                                                                                • Instruction ID: f3f06ec84e3e25d835ac9e8a0bed5dc29602f015679560d6c9a56f436207cbe5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0479d7125ede5794cb059df8a79c3556dab816403aa94870206e97f7c2a4f6c1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33416E32A28B8682D7208F15A48056AB7A4FB84794F548575EEBDC7BD6EF3CD0558700
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00007FF6FA94353B), ref: 00007FF6FA9475E1
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA942610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6FA947233,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA94101D), ref: 00007FF6FA942644
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA942610: MessageBoxW.USER32 ref: 00007FF6FA94271C
                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00007FF6FA94353B), ref: 00007FF6FA947655
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                • API String ID: 3723044601-27947307
                                                                                                                                                                                                                • Opcode ID: 415e80d084b85328e4a76e8d77a212f49e392635e65cd740730017958ab796a4
                                                                                                                                                                                                                • Instruction ID: b513154f76487051dc2994b723a23d3c932f405a7b54498509be66635b8508e4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 415e80d084b85328e4a76e8d77a212f49e392635e65cd740730017958ab796a4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1217721A28B4695FB109F2AE85007973A2BF84B90B548576CA7EC37E6FF7CE445C340
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                                                                • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                • API String ID: 626452242-876015163
                                                                                                                                                                                                                • Opcode ID: beddf7fcbb6db7b1c79f04a56d176a201efa2834b77932cd8f77e16b213b791c
                                                                                                                                                                                                                • Instruction ID: 0f452a138fc2ccf35a2a87afdfe43f8eb72250eb878a108be29b601ecc76c9de
                                                                                                                                                                                                                • Opcode Fuzzy Hash: beddf7fcbb6db7b1c79f04a56d176a201efa2834b77932cd8f77e16b213b791c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD418E32A29A4682EB10CF15A85017A76A5FB44B94F948175DEBDC7BE6FF3CE005C700
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA947490: MultiByteToWideChar.KERNEL32 ref: 00007FF6FA9474CA
                                                                                                                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6FA94631F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF6FA94602F
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA942760: MessageBoxW.USER32 ref: 00007FF6FA942831
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6FA94608A
                                                                                                                                                                                                                • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6FA946006
                                                                                                                                                                                                                • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6FA946043
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
• Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6FA94C6D2,?,?,?,00007FF6FA94C3CC,?,?,?,?,00007FF6FA94C0ED), ref: 00007FF6FA94C4A5
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6FA94C6D2,?,?,?,00007FF6FA94C3CC,?,?,?,?,00007FF6FA94C0ED), ref: 00007FF6FA94C4B3
                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6FA94C6D2,?,?,?,00007FF6FA94C3CC,?,?,?,?,00007FF6FA94C0ED), ref: 00007FF6FA94C4DD
                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF6FA94C6D2,?,?,?,00007FF6FA94C3CC,?,?,?,?,00007FF6FA94C0ED), ref: 00007FF6FA94C523
                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF6FA94C6D2,?,?,?,00007FF6FA94C3CC,?,?,?,?,00007FF6FA94C0ED), ref: 00007FF6FA94C52F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 00007FF6FA9474CA
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA942610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6FA947233,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA94101D), ref: 00007FF6FA942644
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA942610: MessageBoxW.USER32 ref: 00007FF6FA94271C
                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 00007FF6FA947550
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                • API String ID: 3723044601-876015163
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                • String ID: CONOUT$
                                                                                                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                • String ID: Unhandled exception in script
                                                                                                                                                                                                                • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6FA947233,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA94101D), ref: 00007FF6FA942644
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA946FA0: GetLastError.KERNEL32(00000000,00007FF6FA942690), ref: 00007FF6FA946FC7
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA946FA0: FormatMessageW.KERNEL32(00000000,00007FF6FA942690), ref: 00007FF6FA946FF6
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA947490: MultiByteToWideChar.KERNEL32 ref: 00007FF6FA9474CA
                                                                                                                                                                                                                • MessageBoxW.USER32 ref: 00007FF6FA94271C
                                                                                                                                                                                                                • MessageBoxA.USER32 ref: 00007FF6FA942738
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                • API String ID: 2806210788-2410924014
                                                                                                                                                                                                                • Opcode ID: 400fce4ea561395ecb7c9931c898940bca1409bd045f3b8d566701ceccfa415d
                                                                                                                                                                                                                • Instruction ID: 26402fa95a877401d32e1c1d9fed2ada825672c18874c26d96056d4d5aca6dbb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 400fce4ea561395ecb7c9931c898940bca1409bd045f3b8d566701ceccfa415d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A631367263868291E7309710E4517EA6364FF84788F404076EAADC7BDAEF3CD245C740
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                • Opcode ID: 5a160c9bdce1f9d43ea406b437463d4fa60eb1ab7842eb725466103b76bc2848
                                                                                                                                                                                                                • Instruction ID: 7fa8ed6314f91143e0b226955ae18fb4faaafa12c6b95ee93d7b3e71abb4f41a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a160c9bdce1f9d43ea406b437463d4fa60eb1ab7842eb725466103b76bc2848
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6F05461B3D64281EF448F15E89437813A5AF85B41F441075E56FC63E2EF3CD488C740
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                                                                                                • Opcode ID: b937517b4f482d0939308dbd49bace3de9952a95ba32e0c18fc8e236c2565ddb
                                                                                                                                                                                                                • Instruction ID: 44d117b4abc5a0ae76f683c2a60815693214dc974303976177af681198925ec0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b937517b4f482d0939308dbd49bace3de9952a95ba32e0c18fc8e236c2565ddb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42114F2AE3CA5302F7541128E5563B710516F573B4F1C06BCEB7ECA7D7EE2CA8454281
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                • Opcode ID: 55788242df50e1a30cd54507ff4bf163bc38528b1732f9cc2afaa672e73b8d51
                                                                                                                                                                                                                • Instruction ID: 9351ae6d7a103e022a070be33993a16a4a8a0ec5790859391e86291f42de0cc5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55788242df50e1a30cd54507ff4bf163bc38528b1732f9cc2afaa672e73b8d51
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4181C471E382428DF7644F2DC21A27836E2AF11745F9580B5CA2AD7AC7FF2DE8419249
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                • API String ID: 1878133881-2410924014
                                                                                                                                                                                                                • Opcode ID: 69d8018c69fa0ba47995e0ce162d6b42525d4d2d5850a1053315e8c6180101b4
                                                                                                                                                                                                                • Instruction ID: 62abd2bfb999e1ea2cdf27bc7e285aee63a38f2d59c7d7008ec4ddce48bb0264
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69d8018c69fa0ba47995e0ce162d6b42525d4d2d5850a1053315e8c6180101b4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FE31147263868291E7209711E4517EA63A4FF84784F448075EAADC7BDAEF3CD605CB50
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00007FF6FA94353B), ref: 00007FF6FA943A71
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA942610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6FA947233,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA94101D), ref: 00007FF6FA942644
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA942610: MessageBoxW.USER32 ref: 00007FF6FA94271C
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                 • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                • Opcode ID: 1c9edb799956f43a69bcedd1b9a00334b54fc6e72bcb62656acab3b705975844
                                                                                                                                                                                                                • Instruction ID: 391b03877cebafde430ce2476421e24349892f3499756760a82d1cf11c1394d2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c9edb799956f43a69bcedd1b9a00334b54fc6e72bcb62656acab3b705975844
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A6017C60B3864281FF60A720E8153BA2295BF48784F8084B6DD7DC67D3FE1CE1488640
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000001.00000002.1713577223.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713551483.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713610526.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713641991.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000001.00000002.1713713028.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 72036449-0
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1956198572-0
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-3916222277
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: e+000$gfff
                                                                                                                                                                                                                • API String ID: 3215553584-3030954782
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: mbstowcs
                                                                                                                                                                                                                • String ID: Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$pyi-
                                                                                                                                                                                                                • API String ID: 103190477-3625900369
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileFreeHeapModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: C:\Users\user\Desktop\Ei5hvT55El.exe
                                                                                                                                                                                                                • API String ID: 13503096-3869005451
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                • String ID: U
                                                                                                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                                                                                                • Opcode ID: f42627c61a7f25b683248ff20e1504dd0ed5ade7a377c0ec61c80a04a1b4700a
                                                                                                                                                                                                                • Instruction ID: 65db5549e2b1a1af3ad75c4e3477f5aedfb6d58e6ee8e9b692e3a8fd01926756
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f42627c61a7f25b683248ff20e1504dd0ed5ade7a377c0ec61c80a04a1b4700a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F141D032A29A4186EB208F29E4453AA67A0FB88784F904431EE5EC7BC9EF3CD541C740
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CurrentDirectory
                                                                                                                                                                                                                • String ID: :
                                                                                                                                                                                                                • API String ID: 1611563598-336475711
                                                                                                                                                                                                                • Opcode ID: b577028646e4ba8833711ba0d4db1c0c656407dc00ae643860b9eea75b9598b4
                                                                                                                                                                                                                • Instruction ID: 58f5a39b1f5b89e72f891829de41cfd35c5fcc7a458c40864df8149e071f4537
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b577028646e4ba8833711ba0d4db1c0c656407dc00ae643860b9eea75b9598b4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8210436A2824185FB308B1AD04527D73F5FB84B84F858075DAADC36C6EF7CE9498780
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                • String ID: Fatal error detected
                                                                                                                                                                                                                • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                • Opcode ID: 2b61138d8ba7e34161e8adb61536ce26b4d2be66a0e24b62ca542749820394dc
                                                                                                                                                                                                                • Instruction ID: 0a262a06a59642c3c81e523615c07875043db73b6dde1bc7d4e9b4662d6b3c82
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b61138d8ba7e34161e8adb61536ce26b4d2be66a0e24b62ca542749820394dc
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5221327263868291EB209B11F4517EA6364FF84788F809175EAADC7BDAEF3CD205C750
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                • String ID: Error detected
                                                                                                                                                                                                                • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                • Opcode ID: 5ed7caf57bd188301ead484277fc77409bb9e70f87c7d7e6d20278c1c0f354ae
                                                                                                                                                                                                                • Instruction ID: c59f165b9914e905d1a48cf279843ca3657d706c4b2529afd063430ea682d15e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ed7caf57bd188301ead484277fc77409bb9e70f87c7d7e6d20278c1c0f354ae
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 79213272638A8291EB309B11F4517EA6364FF84788F805175EAADC7ADAEF3CD205C750
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CompareStringtry_get_function
                                                                                                                                                                                                                • String ID: CompareStringEx
                                                                                                                                                                                                                • API String ID: 3328479835-2590796910
                                                                                                                                                                                                                • Opcode ID: 29c81749be49492956bf448d50416fb18953341cf3f470c3aeb53833f47193c7
                                                                                                                                                                                                                • Instruction ID: 0142c17247ab759b87e3d31db24ae0d95d4fc3beda0e8eb3d1f6224185fd79ab
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29c81749be49492956bf448d50416fb18953341cf3f470c3aeb53833f47193c7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD114D36A18B8186D760CB16F4402AAB7A5FBC9BD0F144136EE9DC3B5ADF3CD4508B80
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Stringtry_get_function
                                                                                                                                                                                                                • String ID: LCMapStringEx
                                                                                                                                                                                                                • API String ID: 2588686239-3893581201
                                                                                                                                                                                                                • Opcode ID: 938b4cabf045120e554f7056953f86ac9635c27825e0d85b6221573e9749b67b
                                                                                                                                                                                                                • Instruction ID: 312fb35cf0761ebb64d2ac8f72d1f57a361a959cd1cd2906ccf637da46b9952b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 938b4cabf045120e554f7056953f86ac9635c27825e0d85b6221573e9749b67b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53114F36618BC186D760CB15F4402AAB7A5FBC9B90F544136EE9DC3B5ADF3CD5408B40
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: :
                                                                                                                                                                                                                • API String ID: 3215553584-336475711
                                                                                                                                                                                                                • Opcode ID: ac9e6cf1ee5af4ee396f22b42a5cc566f50753507a16ff94a4f2570f0bd7836c
                                                                                                                                                                                                                • Instruction ID: 5d83b517f3ec25364d743b23556bb7c0102a561736f6ae3ec8316b11df754ec6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac9e6cf1ee5af4ee396f22b42a5cc566f50753507a16ff94a4f2570f0bd7836c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7601A26293C20389F724AF64A45217E63A0FF48745F801075DA6DC6AD3FF3CE5098A14
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • try_get_function.LIBVCRUNTIME ref: 00007FF6FA959A65
                                                                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF6FA955D0E,?,?,?,00007FF6FA955C06,?,?,?,00007FF6FA950C32,?,?,00000000,00007FF6FA943BA9), ref: 00007FF6FA959A7F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                                                                                                                • String ID: InitializeCriticalSectionEx
                                                                                                                                                                                                                • API String ID: 539475747-3084827643
                                                                                                                                                                                                                • Opcode ID: ea2b473bdb4af6d4d3061d9ce177a635df04aaff899401cb1b17dfcad325bad1
                                                                                                                                                                                                                • Instruction ID: 5848b35d2cdd913c85df937849e3cd81ef96ad7630cab0652f2be27cf54f3d30
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ea2b473bdb4af6d4d3061d9ce177a635df04aaff899401cb1b17dfcad325bad1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6CF0BE25A2878182F7088B45F4400A82361AF48B90F8840B5EE2DC3B96EF3CE8458780
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • try_get_function.LIBVCRUNTIME ref: 00007FF6FA959A09
                                                                                                                                                                                                                • TlsSetValue.KERNEL32(?,?,00000000,00007FF6FA9586AA,?,?,00000000,00007FF6FA94FC79,?,?,?,?,00007FF6FA9559F1), ref: 00007FF6FA959A20
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Valuetry_get_function
                                                                                                                                                                                                                • String ID: FlsSetValue
                                                                                                                                                                                                                • API String ID: 738293619-3750699315
                                                                                                                                                                                                                • Opcode ID: df5f7d63849f41ae9f7569e8dc870c87d44edfa89a3ce8aff31ae8955888d4c4
                                                                                                                                                                                                                • Instruction ID: b9986fb696099c5a6be903213cd0069f16376dc441dd17220b2dfaaac115f79a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: df5f7d63849f41ae9f7569e8dc870c87d44edfa89a3ce8aff31ae8955888d4c4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F0E09B65E3864292FB054B55F4014B42362EF49780F484072D93DC63D7EF3CE854C390

                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                Execution Coverage:1.7%
                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                Signature Coverage:0.4%
                                                                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                                                                Total number of Limit Nodes:34
70a19eed GetProcAddress 75655->75668 75656->75479 75657->75433 75658->75436 75659->75433 75682 70a1d7d2 fprintf 75660->75682 75683 70a1c6cc fputc 75661->75683 75662->75425 75675 70a1cbe2 fprintf fprintf fputc fclose 75663->75675 75676 70a1cbc7 _errno strerror fprintf 75663->75676 75664->75634 75666->75433 75688 70a1ce13 fputc 75667->75688 75668->75479 75678 70a19f02 GetProcAddress 75668->75678 75679 70a1ce82 _errno strerror fprintf 75669->75679 75680 70a1ce9d fprintf fprintf fputc fclose 75669->75680 75691 70a1e075 GetProcAddress 75670->75691 75671->75433 75672->75433 75684 70a1db74 _errno strerror fprintf 75673->75684 75685 70a1d88c fprintf fprintf fputc fclose 75673->75685 75674->75619 75686 70a1d434 fprintf fprintf fputc fclose 75674->75686 75694 70a1cc46 fprintf 75675->75694 75676->75675 75677->75436 75678->75433 75689 70a19f1e GetProcAddress 75678->75689 75679->75680 75699 70a1cf01 fprintf 75680->75699 75692 70a1dd26 _errno strerror fprintf 75681->75692 75693 70a1d2cd fprintf fprintf fputc fclose 75681->75693 75700 70a1d7eb fputc 75682->75700 75683->75436 75684->75433 75702 70a1d8f0 fprintf 75685->75702 75703 70a1d498 fprintf 75686->75703 75688->75425 75689->75433 75696 70a19f3a GetProcAddress 75689->75696 75690->75479 75697 70a1e091 GetProcAddress 75691->75697 75698 70a1a4b9 GetProcAddress 75691->75698 75708 70a1dd46 GetProcAddress 75692->75708 75707 70a1d331 fprintf 75693->75707 75709 70a1cc5f fputc 75694->75709 75695->75479 75696->75479 75706 70a19f56 GetProcAddress 75696->75706 75697->75433 75697->75698 75698->75704 75705 70a1a4d5 GetProcAddress 75698->75705 75712 70a1cf1a fputc 75699->75712 75700->75436 75701->75603 75716 70a1d909 fputc 75702->75716 75717 70a1d4b1 fputc 75703->75717 75704->75705 75715 70a1dd8d GetProcAddress 75704->75715 75705->75479 75705->75708 75706->75433 75711 70a19f72 GetProcAddress 75706->75711 75721 70a1d34a fputc 75707->75721 75708->75433 75709->75436 75718 70a1d5e7 fprintf fprintf fputc fclose 75710->75718 75719 70a1d5cc _errno 
strerror fprintf 75710->75719 75711->75433 75720 70a19f8e GetProcAddress 75711->75720 75712->75436 75722 70a1dc41 _errno strerror fprintf 75713->75722 75723 70a1dc5c fprintf fprintf fputc fclose 75713->75723 75724 70a219e7 fprintf fprintf fputc fclose 75714->75724 75725 70a219cc _errno strerror fprintf 75714->75725 75715->75705 75726 70a1dda9 GetProcAddress 75715->75726 75716->75436 75717->75436 75732 70a1d64b fprintf 75718->75732 75719->75718 75720->75433 75728 70a19faa GetProcAddress 75720->75728 75721->75436 75722->75723 75723->75433 75724->75433 75725->75724 75726->75433 75726->75705 75727->75433 75727->75479 75728->75433 75733 70a19fc6 GetProcAddress 75728->75733 75734 70a21d64 fprintf fprintf fputc fclose 75729->75734 75735 70a21d49 _errno strerror fprintf 75729->75735 75730->75433 75731->75433 75748 70a1d664 fputc 75732->75748 75733->75433 75738 70a19fdb GetProcAddress 75733->75738 75734->75433 75735->75734 75740 70a1e140 _errno strerror fprintf 75736->75740 75741 70a1e15b fprintf fprintf fputc fclose 75736->75741 75746 70a1df32 _errno strerror fprintf 75737->75746 75747 70a1df4d fprintf fprintf fputc fclose 75737->75747 75738->75433 75749 70a19ff7 GetProcAddress 75738->75749 75759 70a1dcd9 fputc 75739->75759 75740->75741 75741->75433 75742->75433 75762 70a21a64 fputc 75743->75762 75744->75433 75752 70a1d998 fprintf fprintf fputc fclose 75745->75752 75753 70a1d97d _errno strerror fprintf 75745->75753 75746->75747 75747->75433 75748->75436 75749->75433 75757 70a1a00c GetProcAddress 75749->75757 75760 70a21e76 fprintf fprintf fputc fclose 75750->75760 75761 70a21e5b _errno strerror fprintf 75750->75761 75751->75433 75752->75433 75753->75752 75754->75433 75765 70a21c39 fprintf fprintf fputc fclose 75755->75765 75766 70a21c1e _errno strerror fprintf 75755->75766 75756->75433 75757->75433 75767 70a1a021 GetProcAddress 75757->75767 75780 70a21de1 fputc 75758->75780 75759->75436 75760->75433 75761->75760 75762->75436 75770 70a1de20 _errno strerror fprintf 
75763->75770 75771 70a1de3b fprintf fprintf fputc fclose 75763->75771 75774 70a1daaa fprintf fprintf fputc fclose 75764->75774 75775 70a1da8f _errno strerror fprintf 75764->75775 75765->75433 75766->75765 75767->75433 75779 70a1a03d GetProcAddress 75767->75779 75790 70a1e1d8 fputc 75768->75790 75769->75433 75770->75771 75771->75433 75782 70a21b27 fprintf fprintf fputc fclose 75772->75782 75783 70a21b0c _errno strerror fprintf 75772->75783 75773->75433 75774->75433 75775->75774 75794 70a1dfca fputc 75776->75794 75777->75433 75787 70a21857 fprintf fprintf fputc fclose 75778->75787 75788 70a2183c _errno strerror fprintf 75778->75788 75779->75433 75789 70a1a059 GetProcAddress 75779->75789 75780->75436 75800 70a1da15 fputc 75781->75800 75782->75433 75783->75782 75792 70a21745 fprintf fprintf fputc fclose 75784->75792 75793 70a2172a _errno strerror fprintf 75784->75793 75785->75433 75786->75433 75787->75433 75788->75787 75789->75433 75797 70a1a075 GetProcAddress 75789->75797 75790->75436 75806 70a21ef3 fputc 75791->75806 75792->75433 75793->75792 75794->75436 75809 70a21cb6 fputc 75795->75809 75796->75433 75797->75433 75804 70a1a091 GetProcAddress 75797->75804 75807 70a21605 fprintf fprintf fputc fclose 75798->75807 75808 70a215ea _errno strerror fprintf 75798->75808 75817 70a1deb8 fputc 75799->75817 75800->75436 75818 70a21ba4 fputc 75801->75818 75821 70a1db27 fputc 75802->75821 75803->75433 75804->75433 75813 70a1a0ad GetProcAddress 75804->75813 75814 70a214f3 fprintf fprintf fputc fclose 75805->75814 75815 70a214d8 _errno strerror fprintf 75805->75815 75806->75436 75807->75433 75808->75807 75809->75436 75822 70a213b3 fprintf fprintf fputc fclose 75810->75822 75823 70a21398 _errno strerror fprintf 75810->75823 76158 70a2d4b0 75811->76158 75829 70a218d4 fputc 75812->75829 75813->75433 75825 70a1a0c9 GetProcAddress 75813->75825 75814->75433 75815->75814 75816->75433 75817->75436 75818->75436 75827 70a212a1 fprintf fprintf fputc fclose 75819->75827 75828 70a21286 _errno 
strerror fprintf 75819->75828 75835 70a217c2 fputc 75820->75835 75821->75436 75822->75433 75823->75822 75825->75433 75831 70a1a0e5 GetProcAddress 75825->75831 75826->75433 75827->75433 75828->75827 75829->75436 75830->75433 75831->75433 75837 70a1a101 GetProcAddress 75831->75837 75832->75433 75840 70a1b71e _errno strerror fprintf 75832->75840 75841 70a21161 fprintf fprintf fputc fclose 75833->75841 75842 70a21146 _errno strerror fprintf 75833->75842 75849 70a21682 fputc 75834->75849 75835->75436 75836->75433 75837->75433 75846 70a1a116 GetProcAddress 75837->75846 75847 70a21034 _errno strerror fprintf 75838->75847 75848 70a2104f fprintf fprintf fputc fclose 75838->75848 75856 70a21570 fputc 75839->75856 75840->75433 75841->75433 75842->75841 75853 70a20ef4 _errno strerror fprintf 75843->75853 75854 70a20f0f fprintf fprintf fputc fclose 75843->75854 75860 70a21430 fputc 75844->75860 75845->75479 75846->75433 75855 70a1a132 GetProcAddress 75846->75855 75847->75848 75848->75433 75849->75436 75850->75433 75858 70a20de2 _errno strerror fprintf 75851->75858 75859 70a20dfd fprintf fprintf fputc fclose 75851->75859 75865 70a2131e fputc 75852->75865 75853->75854 75854->75433 75855->75433 75862 70a1a14e GetProcAddress 75855->75862 75856->75436 75857->75433 75858->75859 75859->75433 75860->75436 75861->75433 75862->75433 75869 70a1a16a GetProcAddress 75862->75869 75871 70a20ca2 _errno strerror fprintf 75863->75871 75872 70a20cbd fprintf fprintf fputc fclose 75863->75872 75878 70a211de fputc 75864->75878 75865->75436 75866->75433 75875 70a20b90 _errno strerror fprintf 75868->75875 75876 70a20bab fprintf fprintf fputc fclose 75868->75876 75869->75433 75877 70a1a186 GetProcAddress 75869->75877 75885 70a210cc fputc 75870->75885 75871->75872 75872->75433 75882 70a20a50 _errno strerror fprintf 75873->75882 75883 70a20a6b fprintf fprintf fputc fclose 75873->75883 75890 70a20f8c fputc 75874->75890 75875->75876 75876->75433 75877->75433 75884 70a1a1a2 GetProcAddress 75877->75884 
75878->75436 75879->75433 75887 70a20959 fprintf fprintf fputc fclose 75880->75887 75888 70a2093e _errno strerror fprintf 75880->75888 75896 70a20e7a fputc 75881->75896 75882->75883 75883->75433 75884->75433 75893 70a1a1be GetProcAddress 75884->75893 75885->75436 75886->75433 75887->75433 75888->75887 75889->75433 75897 70a1c545 _errno strerror fprintf 75889->75897 75890->75436 75891->75433 75893->75433 75901 70a1a1d3 GetProcAddress 75893->75901 75902 70a20819 fprintf fprintf fputc fclose 75894->75902 75903 70a207fe _errno strerror fprintf 75894->75903 75909 70a20d3a fputc 75895->75909 75896->75436 75897->75479 75898->75433 75906 70a20707 fprintf fprintf fputc fclose 75899->75906 75907 70a206ec _errno strerror fprintf 75899->75907 75917 70a20c28 fputc 75900->75917 75901->75433 75908 70a1a1e8 GetProcAddress 75901->75908 75902->75433 75903->75902 75913 70a205c7 fprintf fprintf fputc fclose 75904->75913 75914 70a205ac _errno strerror fprintf 75904->75914 75922 70a20ae8 fputc 75905->75922 75906->75433 75907->75906 75908->75433 75918 70a1a204 GetProcAddress 75908->75918 75909->75436 75910->75433 75920 70a204b5 fprintf fprintf fputc fclose 75911->75920 75921 70a2049a _errno strerror fprintf 75911->75921 75927 70a209d6 fputc 75912->75927 75913->75433 75914->75913 75915->75479 75916->75433 75916->75509 75917->75436 75918->75433 75924 70a1a220 GetProcAddress 75918->75924 75919->75433 75920->75433 75921->75920 75922->75436 75923->75433 75924->75433 75931 70a1a23c GetProcAddress 75924->75931 75932 70a20375 fprintf fprintf fputc fclose 75925->75932 75933 70a2035a _errno strerror fprintf 75925->75933 75939 70a20896 fputc 75926->75939 75927->75436 75928->75433 75936 70a20263 fprintf fprintf fputc fclose 75929->75936 75937 70a20248 _errno strerror fprintf 75929->75937 75946 70a20784 fputc 75930->75946 75931->75433 75938 70a1a258 GetProcAddress 75931->75938 75932->75433 75933->75932 75944 70a20123 fprintf fprintf fputc fclose 75934->75944 75945 70a20108 _errno strerror fprintf 
75934->75945 75951 70a20644 fputc 75935->75951 75936->75433 75937->75936 75938->75433 75948 70a1a26d GetProcAddress 75938->75948 75939->75436 75940->75433 75949 70a20011 fprintf fprintf fputc fclose 75941->75949 75950 70a1fff6 _errno strerror fprintf 75941->75950 75956 70a20532 fputc 75942->75956 75943->75433 75943->75666 75944->75433 75945->75944 75946->75436 75947->75433 75948->75433 75953 70a1a289 GetProcAddress 75948->75953 75949->75433 75950->75949 75951->75436 75952->75433 75953->75433 75962 70a1a2a5 GetProcAddress 75953->75962 75963 70a1fed1 fprintf fprintf fputc fclose 75954->75963 75964 70a1feb6 _errno strerror fprintf 75954->75964 75972 70a203f2 fputc 75955->75972 75956->75436 75957->75433 75958->75433 75966 70a1cc71 _errno strerror fprintf 75958->75966 75969 70a1fda4 _errno strerror fprintf 75959->75969 75970 70a1fdbf fprintf fprintf fputc fclose 75959->75970 75978 70a202e0 fputc 75961->75978 75962->75433 75971 70a1a2ba GetProcAddress 75962->75971 75963->75433 75964->75963 75965->75433 75966->75558 75976 70a1fc64 _errno strerror fprintf 75967->75976 75977 70a1fc7f fprintf fprintf fputc fclose 75967->75977 75983 70a201a0 fputc 75968->75983 75969->75970 75970->75433 75971->75433 75980 70a1a2d6 GetProcAddress 75971->75980 75972->75436 75973->75433 75981 70a1fb52 _errno strerror fprintf 75974->75981 75982 70a1fb6d fprintf fprintf fputc fclose 75974->75982 75989 70a2008e fputc 75975->75989 75976->75977 75977->75433 75978->75436 75979->75433 75980->75433 75987 70a1a2f2 GetProcAddress 75980->75987 75981->75982 75982->75433 75983->75436 75984->75433 75993 70a1fa12 _errno strerror fprintf 75986->75993 75994 70a1fa2d fprintf fprintf fputc fclose 75986->75994 75987->75433 75995 70a1a30e GetProcAddress 75987->75995 76001 70a1ff4e fputc 75988->76001 75989->75436 75990->75433 75998 70a1f900 _errno strerror fprintf 75991->75998 75999 70a1f91b fprintf fprintf fputc fclose 75991->75999 76007 70a1fe3c fputc 75992->76007 75993->75994 75994->75433 75995->75433 76000 
70a1a32a GetProcAddress 75995->76000 76005 70a1f7c0 _errno strerror fprintf 75996->76005 76006 70a1f7db fprintf fprintf fputc fclose 75996->76006 76013 70a1fcfc fputc 75997->76013 75998->75999 75999->75433 76000->75433 76010 70a1a33f GetProcAddress 76000->76010 76001->75436 76002->75433 76011 70a1f6c9 fprintf fprintf fputc fclose 76003->76011 76012 70a1f6ae _errno strerror fprintf 76003->76012 76018 70a1fbea fputc 76004->76018 76005->76006 76006->75433 76007->75436 76008->75433 76010->75433 76017 70a1a35b GetProcAddress 76010->76017 76011->75433 76012->76011 76013->75436 76014->75433 76023 70a1f589 fprintf fprintf fputc fclose 76015->76023 76024 70a1f56e _errno strerror fprintf 76015->76024 76030 70a1faaa fputc 76016->76030 76017->75433 76025 70a1a377 GetProcAddress 76017->76025 76018->75436 76019->75433 76028 70a1f477 fprintf fprintf fputc fclose 76020->76028 76029 70a1f45c _errno strerror fprintf 76020->76029 76037 70a1f998 fputc 76021->76037 76022->75479 76023->75433 76024->76023 76025->75433 76031 70a1a38c GetProcAddress 76025->76031 76035 70a1f337 fprintf fprintf fputc fclose 76026->76035 76036 70a1f31c _errno strerror fprintf 76026->76036 76042 70a1f858 fputc 76027->76042 76028->75433 76029->76028 76030->75436 76031->75433 76039 70a1a3a8 GetProcAddress 76031->76039 76032->75433 76040 70a1f225 fprintf fprintf fputc fclose 76033->76040 76041 70a1f20a _errno strerror fprintf 76033->76041 76048 70a1f746 fputc 76034->76048 76035->75433 76036->76035 76037->75436 76038->75433 76039->75433 76047 70a1a3c4 GetProcAddress 76039->76047 76040->75433 76041->76040 76042->75436 76043->75433 76052 70a1f0e5 fprintf fprintf fputc fclose 76044->76052 76053 70a1f0ca _errno strerror fprintf 76044->76053 76045->75433 76045->75479 76061 70a1f606 fputc 76046->76061 76047->75433 76054 70a1a3e0 GetProcAddress 76047->76054 76048->75436 76049->75433 76059 70a1efd3 fprintf fprintf fputc fclose 76050->76059 76060 70a1efb8 _errno strerror fprintf 76050->76060 76069 70a1f4f4 fputc 
76051->76069 76052->75433 76053->76052 76054->75433 76055 70a1a3f5 GetProcAddress 76054->76055 76063 70a1a411 GetProcAddress 76055->76063 76064 70a1e84b GetProcAddress 76055->76064 76067 70a1ee93 fprintf fprintf fputc fclose 76056->76067 76068 70a1ee78 _errno strerror fprintf 76056->76068 76075 70a1f3b4 fputc 76057->76075 76058->75433 76058->75479 76059->75433 76060->76059 76061->75436 76062->75433 76071 70a1e5f2 GetProcAddress 76063->76071 76072 70a1a42d GetProcAddress 76063->76072 76064->75433 76064->76063 76073 70a1ed81 fprintf fprintf fputc fclose 76065->76073 76074 70a1ed66 _errno strerror fprintf 76065->76074 76081 70a1f2a2 fputc 76066->76081 76067->75433 76068->76067 76069->75436 76070->75433 76071->75433 76071->76072 76079 70a1e5c1 GetProcAddress 76072->76079 76080 70a1a449 GetProcAddress 76072->76080 76073->75433 76074->76073 76075->75436 76076->75433 76085 70a1ec41 fprintf fprintf fputc fclose 76077->76085 76086 70a1ec26 _errno strerror fprintf 76077->76086 76094 70a1f162 fputc 76078->76094 76079->75433 76079->76080 76087 70a1a465 GetProcAddress 76080->76087 76088 70a1e368 GetProcAddress 76080->76088 76081->75436 76082->75433 76092 70a1eb14 _errno strerror fprintf 76083->76092 76093 70a1eb2f fprintf fprintf fputc fclose 76083->76093 76102 70a1f050 fputc 76084->76102 76085->75433 76086->76085 76096 70a1a481 GetProcAddress 76087->76096 76097 70a1e337 GetProcAddress 76087->76097 76088->75433 76088->76087 76099 70a1e9d4 _errno strerror fprintf 76089->76099 76100 70a1e9ef fprintf fprintf fputc fclose 76089->76100 76107 70a1ef10 fputc 76090->76107 76091->75425 76116 70a1b299 76091->76116 76092->76093 76093->75433 76094->75436 76095->75433 76105 70a1e0c2 GetProcAddress 76096->76105 76106 70a1a49d GetProcAddress 76096->76106 76097->75433 76097->76096 76113 70a1edfe fputc 76098->76113 76099->76100 76100->75433 76101->75479 76102->75436 76103->75433 76111 70a1e8c2 _errno strerror fprintf 76104->76111 76112 70a1e8dd fprintf fprintf fputc fclose 76104->76112 
76105->76106 76115 70a1e0de GetProcAddress 76105->76115 76106->75691 76106->75698 76107->75436 76108->75433 76125 70a1ecbe fputc 76110->76125 76111->76112 76112->75433 76113->75436 76114->75479 76115->75433 76115->76106 76116->75488 76122 70a1b2b8 _errno 76116->76122 76350 70a04230 7 API calls 76116->76350 76131 70a1ebac fputc 76117->76131 76123 70a1e781 fprintf fprintf fputc fclose 76118->76123 76124 70a1e766 _errno strerror fprintf 76118->76124 76119->75433 76137 70a1ea6c fputc 76120->76137 76127 70a1e654 _errno strerror fprintf 76121->76127 76128 70a1e66f fprintf fprintf fputc fclose 76121->76128 76129 70a1c497 _errno strerror fprintf 76122->76129 76122->76130 76123->75433 76124->76123 76125->75436 76135 70a1e4f7 fprintf fprintf fputc fclose 76126->76135 76136 70a1e4dc _errno strerror fprintf 76126->76136 76127->76128 76128->75433 76129->75511 76130->75438 76131->75436 76132->75433 76139 70a1e3e5 fprintf fprintf fputc fclose 76133->76139 76140 70a1e3ca _errno strerror fprintf 76133->76140 76144 70a1e95a fputc 76134->76144 76135->75433 76136->76135 76137->75436 76138->75433 76139->75433 76140->76139 76141->75433 76150 70a1e7fe fputc 76142->76150 76143->75433 76144->75436 76152 70a1e6ec fputc 76145->76152 76148 70a1e252 _errno strerror fprintf 76146->76148 76149 70a1e26d fprintf fprintf fputc fclose 76146->76149 76154 70a1e574 fputc 76147->76154 76148->76149 76149->75433 76150->75436 76155 70a1e462 fputc 76151->76155 76152->75436 76153->75433 76154->75436 76155->75436 76157 70a1e2ea fputc 76156->76157 76157->75436 76159 70a2d675 76158->76159 76162 70a2d4c2 76158->76162 76354 70a2d050 __iob_func abort 76159->76354 76162->75479 76164 70a2db4f 76163->76164 76176 70a2d938 76163->76176 76355 70a2d050 __iob_func abort 76164->76355 76165 70a2d947 memcmp 76167 70a2d960 memcmp 76165->76167 76168 70a2da52 76165->76168 76167->76168 76170 70a2d97f memcmp 76167->76170 76168->75479 76170->76168 76171 70a2d99f memcmp 76170->76171 76171->76168 76172 70a2d9bf memcmp 76171->76172 
76172->76168 76173 70a2d9df memcmp 76172->76173 76173->76168 76174 70a2d9ff memcmp 76173->76174 76174->76168 76175 70a2da1f memcmp 76174->76175 76175->76168 76175->76176 76176->76165 76176->76168 76178 70a2d8f7 76177->76178 76179 70a2d6a8 76177->76179 76356 70a2d050 __iob_func abort 76178->76356 76181 70a2d6b7 memcmp 76179->76181 76190 70a2d7c5 76179->76190 76183 70a2d6d0 memcmp 76181->76183 76181->76190 76184 70a2d6f2 memcmp 76183->76184 76183->76190 76185 70a2d712 memcmp 76184->76185 76184->76190 76186 70a2d732 memcmp 76185->76186 76185->76190 76187 70a2d752 memcmp 76186->76187 76186->76190 76188 70a2d772 memcmp 76187->76188 76187->76190 76189 70a2d792 memcmp 76188->76189 76188->76190 76189->76179 76189->76190 76190->75479 76192 70a2d341 76191->76192 76200 70a2d226 76191->76200 76357 70a2d050 __iob_func abort 76192->76357 76195 70a2d238 strcmp 76197 70a2d32f 76195->76197 76195->76200 76196 70a2d262 strcmp 76196->76197 76196->76200 76197->75479 76198 70a2d281 strcmp 76198->76197 76198->76200 76199 70a2d2a0 strcmp 76199->76197 76199->76200 76200->76195 76200->76196 76200->76197 76200->76198 76200->76199 76201 70a2d2bf strcmp 76200->76201 76202 70a2d2da strcmp 76200->76202 76203 70a2d2f5 strcmp 76200->76203 76204 70a2d310 strcmp 76200->76204 76201->76197 76201->76200 76202->76197 76202->76200 76203->76197 76203->76200 76204->76197 76204->76200 76206 70a2d488 76205->76206 76214 70a2d376 76205->76214 76358 70a2d050 __iob_func abort 76206->76358 76208 70a2d388 strcmp 76210 70a2d476 76208->76210 76208->76214 76210->75479 76211 70a2d3ac strcmp 76211->76210 76211->76214 76212 70a2d3c8 strcmp 76212->76210 76212->76214 76213 70a2d3e7 strcmp 76213->76210 76213->76214 76214->76208 76214->76210 76214->76211 76214->76212 76214->76213 76215 70a2d406 strcmp 76214->76215 76216 70a2d421 strcmp 76214->76216 76217 70a2d43c strcmp 76214->76217 76218 70a2d457 strcmp 76214->76218 76215->76210 76215->76214 76216->76210 76216->76214 76217->76210 76217->76214 76218->76210 76218->76214 
76220 70a7083e 76219->76220 76359 70a70a09 76220->76359 76222 70a70873 exit 76223 70a7088e 76222->76223 76223->75479 76224 70a70843 76224->76222 76362 70a70a30 GetCurrentThread GetThreadContext 76224->76362 76226 70a70855 76226->76222 76227 70a70859 76226->76227 76227->75479 76369 70a6fc00 76228->76369 76230 70a04a25 free 76243 70a05fd0 76230->76243 76231 70a04a15 76231->76230 76232 70a04a63 76231->76232 76384 70a04230 7 API calls 76232->76384 76234 70a04a76 76235 70a04b20 fprintf 76234->76235 76236 70a04a82 _errno 76234->76236 76239 70a04ae8 fprintf 76235->76239 76237 70a04b54 _errno strerror fprintf 76236->76237 76238 70a04a96 fprintf fprintf fputc fclose 76236->76238 76237->76238 76238->76239 76242 70a04b0b fputc 76239->76242 76242->76230 76244 70a05ff2 76243->76244 76266 70a0609d 76243->76266 76246 70a06110 malloc 76244->76246 76247 70a06010 76244->76247 76245 70a024c0 strlen strlen malloc _strdup 76245->76266 76248 70a0612a memcpy 76246->76248 76249 70a061b1 malloc 76247->76249 76250 70a0602e 76247->76250 76248->75479 76249->76248 76251 70a060fa 76250->76251 76253 70a06150 malloc 76250->76253 76254 70a0605f getenv 76250->76254 76251->75479 76253->76248 76276 70a06074 76254->76276 76256 70a060e8 free 76256->76251 76257 70a0631c _errno 76257->76276 76258 70a0617c free 76263 70a06184 76258->76263 76259 70a064e1 _errno 76264 70a066b3 _errno strerror fprintf 76259->76264 76265 70a064ef fprintf fprintf fputc fclose 76259->76265 76260 70a06340 free 76260->76266 76261 70a061f1 free 76261->76263 76262 70a06420 _access 76262->76266 76262->76276 76267 70a061f8 76263->76267 76273 70a06195 76263->76273 76264->76276 76265->76266 76266->76245 76266->76256 76266->76257 76266->76258 76266->76259 76266->76260 76266->76261 76268 70a06617 fprintf 76266->76268 76270 70a06585 getenv 76266->76270 76271 70a0635d strlen strlen malloc 76266->76271 76274 70a0654f fprintf 76266->76274 76266->76276 76279 70a0644e 76266->76279 76471 70a04900 15 API calls 76266->76471 76473 70a05f60 6 API 
calls 76266->76473 76474 70a04900 15 API calls 76266->76474 76476 70a04230 7 API calls 76266->76476 76277 70a06217 _errno 76267->76277 76292 70a0668a fprintf 76267->76292 76472 70a04230 7 API calls 76267->76472 76268->76266 76270->76276 76271->76266 76278 70a065c6 76271->76278 76272 70a067fe 76478 70a04230 7 API calls 76272->76478 76280 70a061a4 _errno 76273->76280 76281 70a0664e _errno strerror 76273->76281 76288 70a06564 fputc 76274->76288 76276->76257 76276->76262 76276->76266 76276->76270 76276->76271 76276->76272 76283 70a065ae getenv 76276->76283 76284 70a0623a 8 API calls 76277->76284 76285 70a0621f _errno strerror fprintf 76277->76285 76286 70a06719 76278->76286 76291 70a065db 76278->76291 76475 70a04900 15 API calls 76279->76475 76280->76251 76281->76291 76282 70a06811 76289 70a0689c 76282->76289 76290 70a0681d _errno 76282->76290 76283->76271 76283->76278 76298 70a062b2 fprintf 76284->76298 76285->76284 76477 70a04230 7 API calls 76286->76477 76288->76276 76303 70a068e3 fprintf 76289->76303 76310 70a068aa fprintf 76289->76310 76295 70a06846 fprintf fprintf fputc fclose 76290->76295 76296 70a0682b _errno strerror fprintf 76290->76296 76291->76280 76292->76264 76294 70a06459 free 76294->76251 76300 70a0646d 76294->76300 76295->76289 76296->76295 76297 70a0672c 76304 70a06738 _errno 76297->76304 76305 70a06795 76297->76305 76309 70a062ca fputc 76298->76309 76301 70a06930 76300->76301 76302 70a0647a 76300->76302 76479 70a04230 7 API calls 76301->76479 76302->76280 76314 70a06490 _errno strerror 76302->76314 76303->76289 76307 70a06910 _errno strerror fprintf 76304->76307 76308 70a06743 fprintf fprintf fputc fclose 76304->76308 76313 70a067d8 fprintf 76305->76313 76322 70a067a3 fprintf 76305->76322 76307->76301 76308->76305 76309->76266 76318 70a068c3 fputc 76310->76318 76312 70a06943 76316 70a06a0b fprintf 76312->76316 76317 70a0694f _errno 76312->76317 76313->76305 76323 70a064bd 76314->76323 76315 70a063f8 free 76315->76263 76319 70a0640c 76315->76319 76324 
70a069c3 _errno strerror 76316->76324 76320 70a06961 6 API calls 76317->76320 76321 70a06a49 _errno strerror fprintf 76317->76321 76318->76289 76319->76251 76320->76324 76326 70a067b8 fputc 76322->76326 76323->76280 76327 70a069dd fprintf 76324->76327 76326->76305 76328 70a069f9 fputc 76327->76328 76328->76316 76330 70a05fd0 107 API calls 76329->76330 76331 70a0da2a 76330->76331 76332 70a0da80 76331->76332 76333 70a0da32 76331->76333 76335 70a0daa0 76332->76335 76336 70a0da91 _errno 76332->76336 76480 70a0a7b0 76333->76480 76897 70a04230 7 API calls 76335->76897 76338 70a0da74 76336->76338 76338->75479 76340 70a0dab3 76341 70a0db4c fprintf 76340->76341 76342 70a0dabf _errno 76340->76342 76346 70a0db1a fprintf 76341->76346 76343 70a0db80 _errno strerror fprintf 76342->76343 76344 70a0dacb fprintf fprintf fputc fclose 76342->76344 76343->76344 76344->76346 76348 70a0db3a fputc 76346->76348 76348->76336 76349->75514 76350->76116 76351->75433 76352->75479 76353->75622 76365 70a708e0 76359->76365 76363 70a70a6e GetCurrentThread SetThreadContext 76362->76363 76363->76226 76366 70a708f4 76365->76366 76367 70a70942 76366->76367 76368 70a70927 NtSetInformationThread 76366->76368 76367->76224 76368->76367 76385 70a70b90 76369->76385 76371 70a6fc52 malloc 76372 70a6fc73 memcpy 76371->76372 76373 70a6fd2e 76371->76373 76372->76373 76376 70a6fc95 76372->76376 76373->76231 76374 70a772b0 abort 76374->76376 76376->76373 76376->76374 76377 70a7bb60 fwrite abort 76376->76377 76386 70a93d70 76376->76386 76414 70a75940 76376->76414 76437 70a76ad0 76376->76437 76441 70a7c030 fwrite abort 76376->76441 76442 70a75b10 free UnmapViewOfFile GetLastError _errno 76376->76442 76443 70a76ad0 abort 76376->76443 76444 70a77210 abort 76376->76444 76377->76376 76384->76234 76385->76371 76387 70a93d8c 76386->76387 76407 70a93f49 76386->76407 76388 70a93f30 76387->76388 76390 70a93f09 76387->76390 76391 70a93daa 76387->76391 76393 70a94b20 9 API calls 76388->76393 76388->76407 76449 70a94b20 
77876 7ff6fa942760 18 API calls 2 library calls 77835->77876 77840 7ff6fa94a5f0 _handle_error 8 API calls 77837->77840 77841 7ff6fa942b9b 77838->77841 77843 7ff6fa942b3a 77840->77843 77844 7ff6fa942dd0 55 API calls 77841->77844 77841->77846 77842 7ff6fa942bd8 77842->77835 77845 7ff6fa941ae0 40 API calls 77842->77845 77847 7ff6fa942cf6 77842->77847 77843->77484 77844->77846 77852 7ff6fa942c2f 77845->77852 77846->77835 77877 7ff6fa946270 80 API calls 77846->77877 77847->77835 77856 7ff6fa942d0e 77847->77856 77848 7ff6fa942d92 77883 7ff6fa942760 18 API calls 2 library calls 77848->77883 77850 7ff6fa942cf1 77852->77835 77852->77848 77855 7ff6fa942cbc 77852->77855 77857 7ff6fa9417a0 103 API calls 77855->77857 77856->77837 77858 7ff6fa942d74 77856->77858 77879 7ff6fa941440 144 API calls 2 library calls 77856->77879 77880 7ff6fa941770 18 API calls 77856->77880 77859 7ff6fa942cd3 77857->77859 77881 7ff6fa942760 18 API calls 2 library calls 77858->77881 77859->77856 77861 7ff6fa942cd7 77859->77861 77862 7ff6fa942d85 77882 7ff6fa941aa0 65 API calls __vcrt_freefls 77862->77882 77865->77484 77866->77486 77867->77484 77869 7ff6fa942e04 77868->77869 77870 7ff6fa942e3b 77869->77870 77885 7ff6fa9505c0 77869->77885 77872 7ff6fa94a5f0 _handle_error 8 API calls 77870->77872 77873 7ff6fa942a86 77872->77873 77873->77826 77873->77827 77874->77830 77875->77835 77876->77837 77877->77842 77879->77856 77880->77856 77881->77862 77882->77837 77883->77850 77886 7ff6fa9505dd 77885->77886 77887 7ff6fa9505e9 77885->77887 77902 7ff6fa94fee4 77886->77902 77926 7ff6fa94da10 33 API calls 77887->77926 77890 7ff6fa950611 77892 7ff6fa950621 77890->77892 77927 7ff6fa9597f0 5 API calls try_get_function 77890->77927 77928 7ff6fa94fd6c 16 API calls 3 library calls 77892->77928 77894 7ff6fa950675 77895 7ff6fa95068d 77894->77895 77896 7ff6fa950679 77894->77896 77897 7ff6fa94fee4 52 API calls 77895->77897 77898 7ff6fa9505e2 77896->77898 77929 7ff6fa9559cc 13 API calls _findclose 77896->77929 77899 7ff6fa950699 
77897->77899 77898->77870 77899->77898 77930 7ff6fa9559cc 13 API calls _findclose 77899->77930 77903 7ff6fa94ff03 77902->77903 77904 7ff6fa94ff1f 77902->77904 77931 7ff6fa94fc50 13 API calls _invalid_parameter_noinfo 77903->77931 77904->77903 77905 7ff6fa94ff32 CreateFileW 77904->77905 77907 7ff6fa94ffac 77905->77907 77908 7ff6fa94ff65 77905->77908 77935 7ff6fa9504b4 40 API calls 3 library calls 77907->77935 77934 7ff6fa950030 42 API calls 3 library calls 77908->77934 77909 7ff6fa94ff08 77932 7ff6fa94fc70 13 API calls _invalid_parameter_noinfo 77909->77932 77913 7ff6fa94ffb1 77916 7ff6fa94ffb5 77913->77916 77917 7ff6fa94ffc1 77913->77917 77914 7ff6fa94ff0f 77933 7ff6fa955964 30 API calls _invalid_parameter_noinfo 77914->77933 77915 7ff6fa94ff73 77920 7ff6fa94ff1a 77915->77920 77922 7ff6fa94ff8e CloseHandle 77915->77922 77936 7ff6fa94fc00 13 API calls 2 library calls 77916->77936 77937 7ff6fa950270 34 API calls 77917->77937 77920->77898 77922->77920 77923 7ff6fa94ffce 77938 7ff6fa9503ac 23 API calls _fread_nolock 77923->77938 77925 7ff6fa94ffbf 77925->77915 77926->77890 77927->77892 77928->77894 77929->77898 77930->77898 77931->77909 77932->77914 77933->77920 77934->77915 77935->77913 77936->77925 77937->77923 77938->77925 77939->77489 77940->77500 77943 7ff6fa950bbc 77942->77943 77944 7ff6fa950be2 77943->77944 77946 7ff6fa950c15 77943->77946 77973 7ff6fa94fc70 13 API calls _invalid_parameter_noinfo 77944->77973 77949 7ff6fa950c1b 77946->77949 77950 7ff6fa950c28 77946->77950 77947 7ff6fa950be7 77974 7ff6fa955964 30 API calls _invalid_parameter_noinfo 77947->77974 77975 7ff6fa94fc70 13 API calls _invalid_parameter_noinfo 77949->77975 77961 7ff6fa955be4 77950->77961 77953 7ff6fa943ba9 77953->77511 77978 7ff6fa95af44 EnterCriticalSection 77961->77978 77973->77947 77974->77953 77975->77953 78144->77523 78145->77527 78146 7ff6fa9490c0 78147 7ff6fa9490ee 78146->78147 78148 7ff6fa9490d5 78146->78148 78148->78147 78150 7ff6fa957d90 14 API calls 78148->78150 78149 
7ff6fa949148 78150->78149
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
• Associated: 00000004.00000002.1692992412.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693170461.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693228115.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693334178.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693366586.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693405974.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693443152.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693494112.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693515304.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
Similarity
• API ID: strncmp$free$_errnofprintf$fputc$strchr$atoffclose$_time64getenvstrerror
• String ID: %s$%s,%d,0x%x,$*$*CODE:$*DOMAIN:$*FIXKEY:$*FLAGS:$*HARDDISK:$*IFIPV4:$*IFIPV6:$*IFMAC:$*TIME:$*VERSION:$Pyarmor$_vax_%s$clickbank$license.c$pyarmor-test-0001$pytransform.log$regnow$shareit
• API String ID: 1877277240-1732257083
• Opcode ID: 9a570d108b4c1940485d56054af62b97a88552214d87f5b669533eeeaac584d2
• Instruction ID: 4ca2713e25435f366b1f3c853fb61ceeec4d996cdf35d709524cd5d8599ec363
• Opcode Fuzzy Hash: 9a570d108b4c1940485d56054af62b97a88552214d87f5b669533eeeaac584d2
• Instruction Fuzzy Hash: BE339C71B2874ADAEB149B21FA1079D23A5BB88BC4F44822ADD0E5736CEF3CE505C751

Control-flow Graph

APIs
Strings
• The runtime library doesn't support Super Mode, xrefs: 70A0E961
• Loaded module __main__ not found in sys.modules, xrefs: 70A0EB9D
• Check restrict mode of module failed, xrefs: 70A0EAD3
• Marshal loads failed, xrefs: 70A0EB79
• This obfuscated script is obfuscated by old PyArmor, xrefs: 70A0EB4F
• Enable restrict mode failed, xrefs: 70A0EBC1
• <frozen pyarmor>, xrefs: 70A0E6FC
• ssO|i, xrefs: 70A0E770
• Python interpreter is debug version, xrefs: 70A0E940
• Incompatible core library, xrefs: 70A0EBE9
• Got string from code object failed, xrefs: 70A0E7DC, 70A0E9F7
• The python version in runtime is different from the build time, xrefs: 70A0E8B1
• Invalid parameter, xrefs: 70A0E910
• Restore module failed, xrefs: 70A0EB01
• Check the restrict mode of module failed, xrefs: 70A0EB2B
• NULL code object, xrefs: 70A0EA7B
• The runtime library doesn't support Advanced Mode, xrefs: 70A0EA5D
Memory Dump Source
• Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
• Associated: 00000004.00000002.1692992412.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693170461.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693228115.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693334178.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693366586.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693405974.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693443152.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693494112.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693515304.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
Similarity
• API ID: strlenstrncmp
• String ID: <frozen pyarmor>$Check restrict mode of module failed$Check the restrict mode of module failed$Enable restrict mode failed$Got string from code object failed$Incompatible core library$Invalid parameter$Loaded module __main__ not found in sys.modules$Marshal loads failed$NULL code object$Python interpreter is debug version$Restore module failed$The python version in runtime is different from the build time$The runtime library doesn't support Advanced Mode$The runtime library doesn't support Super Mode$This obfuscated script is obfuscated by old PyArmor$ssO|i
• API String ID: 1310274236-189690365
• Opcode ID: de706c7b0686e13caf34838300ca2eb59b35a277f68e4ab34e64101f44a6eaba
• Instruction ID: 0aee0237f40bce89063e8129e8596ff9a551f9254ead37a138e556fc0b69fed3
• Opcode Fuzzy Hash: de706c7b0686e13caf34838300ca2eb59b35a277f68e4ab34e64101f44a6eaba
• Instruction Fuzzy Hash: 7ED15E72B0AA09C5EB01CF15FC9035963B5F7A9B88F548626C94E07728EF7CE589E341
APIs
• NtSetInformationThread.NTDLL ref: 70A70940
Strings
Memory Dump Source
• Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
• Associated: 00000004.00000002.1692992412.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693170461.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693228115.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693334178.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693366586.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693405974.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693443152.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693494112.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693515304.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
Similarity
• API ID: InformationThread
• String ID: NtSetInformationThread$ntdll.dll
                                                                                                                                                                                                                • API String ID: 4046476035-3743287242
                                                                                                                                                                                                                • Opcode ID: e5a8ab297af3254c8973ab1e1034aa530dc4ab812a2c1580ad32ee085639b3a6
                                                                                                                                                                                                                • Instruction ID: cdb0693797393069ef7bf62cf4e489569018370bbe9361c0ef7875bb976b5615
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e5a8ab297af3254c8973ab1e1034aa530dc4ab812a2c1580ad32ee085639b3a6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FAF01535B18A48CAEB609B06FC5034A2360F39CB98F544225DA9D83774EF2CD709CB00
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: mallocmemcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4276657696-0
                                                                                                                                                                                                                • Opcode ID: 59ec0480ac1d7ffcf86410bb1f68e875519e8c595487042376e28e36e18d3dd9
                                                                                                                                                                                                                • Instruction ID: 78695baced311355cef1ba5b5531bfe14b6a93d05df77b1a100f4f75cb1eba37
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59ec0480ac1d7ffcf86410bb1f68e875519e8c595487042376e28e36e18d3dd9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0D427B71A15A44C6EB35CBA1EC91B7D2724FB89B8AF51E236DA4EC732CCB38D5018345
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AddressProc$_errno
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$3des$PyArg_ParseTuple$PyBool_FromLong$PyByteArray_AsString$PyBytes_AsString$PyBytes_AsStringAndSize$PyBytes_FromStringAndSize$PyBytes_Size$PyCFunction_Call$PyCFunction_NewEx$PyCell_Set$PyCode_Type$PyDict_Clear$PyDict_Copy$PyDict_GetItemString$PyDict_SetItem$PyDict_SetItemString$PyErr_Clear$PyErr_Fetch$PyErr_Format$PyErr_NoMemory$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyErr_SetString$PyEval_EvalCode$PyEval_EvalFrameEx$PyEval_GetBuiltins$PyEval_GetFrame$PyEval_GetGlobals$PyEval_GetLocals$PyEval_SetProfile$PyEval_SetTrace$PyExc_ImportError$PyExc_RuntimeError$PyFrame_LocalsToFast$PyFrame_Type$PyFunction_Type$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ExecCodeModuleEx$PyImport_GetMagicNumber$PyImport_GetModuleDict$PyImport_ImportModule$PyList_GetItem$PyList_Size$PyLong_AsLong$PyLong_FromLong$PyMarshal_ReadObjectFromString$PyMarshal_WriteObjectToFile$PyMarshal_WriteObjectToString$PyModule_GetDict$PyObject_GetAttrString$PyObject_Print$PyObject_SetAttrString$PyObject_Size$PyObject_Type$PyString_AsStringAndSize$PyString_Format$PyString_FromStringAndSize$PyString_Size$PyString_Type$PySys_GetObject$PySys_SetObject$PyThreadState_Get$PyTuple_GetItem$PyTuple_GetSlice$PyTuple_New$PyTuple_SetItem$PyTuple_Size$PyType_GenericNew$PyUnicodeUCS2_AsUTF8String$PyUnicodeUCS2_Format$PyUnicodeUCS2_FromString$PyUnicodeUCS4_AsUTF8String$PyUnicodeUCS4_Format$PyUnicodeUCS4_FromString$PyUnicode_AsUTF8String$PyUnicode_Fill$PyUnicode_Format$PyUnicode_FromString$PyUnicode_Type$Py_BuildValue$Py_CompileString$Py_CompileStringExFlags$Py_DebugFlag$Py_DecRef$Py_Exit$Py_IncRef$Py_InspectFlag$Py_InteractiveFlag$Py_ReprEnter$_PyEval_EvalFrameDefault$_Py_NoneStruct$_Py_TrueStruct$_pytransform.c$aes$dumps$license.c$license.lic$loads$marshal$pyshield.lic$pytransform.log$sha256$sprng$wrapper.c
                                                                                                                                                                                                                • API String ID: 1566810575-3086871561
                                                                                                                                                                                                                • Opcode ID: bd406935070ba2316a5d549f7af733740b896774029f340e28a553630994f88f
                                                                                                                                                                                                                • Instruction ID: 1be5c78c5f67ae6cdf033322386b53d9bab3f6176190fe4a2954bc2fb93f7283
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd406935070ba2316a5d549f7af733740b896774029f340e28a553630994f88f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9AE36BB0B28756E9EB05DB11FD1079C23A5BB49BC4F448226990E1B3A8DF3CF646C356

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 2149 70a0da10-70a0da30 call 70a05fd0 2152 70a0da80-70a0da8f 2149->2152 2153 70a0da32-70a0da64 call 70a0a7b0 2149->2153 2155 70a0daa0-70a0dab9 call 70a04230 2152->2155 2156 70a0da91-70a0da9b _errno 2152->2156 2157 70a0da69-70a0da6f free 2153->2157 2161 70a0db4c-70a0db7e fprintf 2155->2161 2162 70a0dabf-70a0dac5 _errno 2155->2162 2158 70a0da74-70a0da7e 2156->2158 2157->2158 2166 70a0db1a-70a0db47 fprintf fputc 2161->2166 2163 70a0db80-70a0db9b _errno strerror fprintf 2162->2163 2164 70a0dacb-70a0db13 fprintf * 2 fputc fclose 2162->2164 2163->2164 2164->2166 2166->2156
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 70A05FD0: getenv.MSVCRT ref: 70A06066
                                                                                                                                                                                                                • _errno.MSVCRT ref: 70A0DA91
                                                                                                                                                                                                                  • Part of subcall function 70A0A7B0: strncmp.MSVCRT ref: 70A0A891
                                                                                                                                                                                                                  • Part of subcall function 70A0A7B0: strchr.MSVCRT ref: 70A0A8A2
                                                                                                                                                                                                                • free.MSVCRT ref: 70A0DA6F
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errnofreegetenvstrchrstrncmp
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$license.c$license.lic$product.key$pytransform.log
                                                                                                                                                                                                                • API String ID: 2166687660-2554675036
                                                                                                                                                                                                                • Opcode ID: 51b71e4d5f7b9b1f5e99217e4ad8c9ed1310ba067563fa6360d19c9241e2a9c4
                                                                                                                                                                                                                • Instruction ID: 4efda974a8896be2298d1eee56068094a8eee92e9bc250dad0bd2c1d9548b117
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 51b71e4d5f7b9b1f5e99217e4ad8c9ed1310ba067563fa6360d19c9241e2a9c4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A31D471B2836A99EE00AB51F91175D63A1BB49BC4F448236DD0E2776CEF3CF9068346

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                control_flow_graph 2265 70a04a00-70a04a19 call 70a6fc00 2268 70a04a25-70a04a62 2265->2268 2269 70a04a1b-70a04a23 2265->2269 2269->2268 2270 70a04a63-70a04a7c call 70a04230 2269->2270 2273 70a04b20-70a04b52 fprintf 2270->2273 2274 70a04a82-70a04a90 _errno 2270->2274 2277 70a04ae8-70a04b18 fprintf fputc 2273->2277 2275 70a04b54-70a04b70 _errno strerror fprintf 2274->2275 2276 70a04a96-70a04ae1 fprintf * 2 fputc fclose 2274->2276 2275->2276 2276->2277 2277->2268
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: fprintf$fputc$_errnofclosemallocmemcpy
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$protect.c$pytransform.log
                                                                                                                                                                                                                • API String ID: 1944142573-1235383041
                                                                                                                                                                                                                • Opcode ID: 6b25d167d664dc9fa20fed712a6307817866af6a7771c36f0bb93a53ba9f0987
                                                                                                                                                                                                                • Instruction ID: 227b92444954991b52247186106102a6d3bd445ee1a5f0027d7dd83185608cfa
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6b25d167d664dc9fa20fed712a6307817866af6a7771c36f0bb93a53ba9f0987
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7531B6517182C29EEB119B35B9607AD6B71EF46BC8F088165DE8D0736ADE2CF402C309

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                • API String ID: 2153230061-4158440160
                                                                                                                                                                                                                • Opcode ID: d3f67b174aeae5e24568d6acf2cb4bcd5ef97029a6107d64a5c49ceb0d22f55b
                                                                                                                                                                                                                • Instruction ID: defb56315fec42a75b6c0a945ec578e9e7ba8dde645a39b052b0fe70ce9e0377
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d3f67b174aeae5e24568d6acf2cb4bcd5ef97029a6107d64a5c49ceb0d22f55b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E512972A29A0686EB54CF29E45017863A0FF88B58B658176DE3DC77DAEF3CE444C740

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                                                • String ID: $@$@
                                                                                                                                                                                                                • API String ID: 896588047-3743272326
                                                                                                                                                                                                                • Opcode ID: a7d2e116755dd5e7b73fa10bb3bd850991ebedf29374f90d57e067a6f4a17967
                                                                                                                                                                                                                • Instruction ID: dc88614902378892f61cb752b95925dd695167d7829bfecb19ab9c38622cc72e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a7d2e116755dd5e7b73fa10bb3bd850991ebedf29374f90d57e067a6f4a17967
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 45414573F226508AE7225B16AD00B4D62A9B789BB4F490325DE7A177D8EBBCD9408304
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: free$strlenstrncmp
                                                                                                                                                                                                                • String ID: __main__$__mp_main__$__parents_main__$__spec__$frame$obfmode.c
                                                                                                                                                                                                                • API String ID: 2569063720-2363144754
                                                                                                                                                                                                                • Opcode ID: d7eb3b2edb8b75f53f14989efe98325d5a7d4fb8147dfaabf56a59dccfa926de
                                                                                                                                                                                                                • Instruction ID: 5df5f8f4ca7e20f381e89759c24b5211d9d23d32de1d11822eaf4d435f1d9017
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7eb3b2edb8b75f53f14989efe98325d5a7d4fb8147dfaabf56a59dccfa926de
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C232BC72A0664CC6EB15CB21B94035D27A6B7A9B88F444A29CD0F0B7ACFB7CE945D701

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                • Opcode ID: 53710113778ff1f322136b35266cb064683aa33a999a574240659a68d24e477d
                                                                                                                                                                                                                • Instruction ID: 304823c2dd1c2e978a00d4e6c08be4c81d0219555c87e1ab02aa42a78dc404a1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53710113778ff1f322136b35266cb064683aa33a999a574240659a68d24e477d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA416B22B2864282EB24DB16E4502BA63A4FF45B94F948472DE7DC7BD6FE3CE441C300

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700209046.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700295336.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA97A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700402538.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1330151763-0
                                                                                                                                                                                                                • Opcode ID: d121c7e434188e1b59c11ae7c5eb2a34e011b9b37a129bdee774847c0c4b5b89
                                                                                                                                                                                                                • Instruction ID: e0b5130a3716fcae8ffb6af5ebbae5216b514bc4e6912f27ec77b9c4d3460e28
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d121c7e434188e1b59c11ae7c5eb2a34e011b9b37a129bdee774847c0c4b5b89
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3FC1AF37B28A428AEB10CF69C4916AC3765FB4AB98B114275DE2ED77D6EF38D051C340

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA943A40: GetModuleFileNameW.KERNEL32(?,00007FF6FA94353B), ref: 00007FF6FA943A71
                                                                                                                                                                                                                • SetDllDirectoryW.KERNEL32 ref: 00007FF6FA943747
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA9464E0: GetEnvironmentVariableW.KERNEL32(00007FF6FA943589), ref: 00007FF6FA94651A
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA9464E0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6FA946537
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700209046.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700295336.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA97A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700402538.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                • API String ID: 2344891160-3602715111
                                                                                                                                                                                                                • Opcode ID: b8c4d9db5740dae41e0297eb8f5fadb4d97e0d1083dee61173de1ced86751b38
                                                                                                                                                                                                                • Instruction ID: 38395ad110764fe2b34843a0a6e57ff23a8a336a6b5fc49aec3f56d0f8e968f1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b8c4d9db5740dae41e0297eb8f5fadb4d97e0d1083dee61173de1ced86751b38
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F0B15B61A3868355FF64AB3194512BE6294BF84784F8080B6EE7DC77DBFE2CE6058740

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700209046.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700295336.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA97A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700402538.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                • API String ID: 2030045667-1060636955
                                                                                                                                                                                                                • Opcode ID: 4ed85bd054d8548dfd760a0ec01e4440847e175df08025cd25297d2feea31505
                                                                                                                                                                                                                • Instruction ID: 38c64c2140a2cad4844d4fd80a6939947afc3633b25f8ec1d05a15b91a5f8be3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ed85bd054d8548dfd760a0ec01e4440847e175df08025cd25297d2feea31505
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA51DE22A2868285EB609B51E4403BA6291FF85794F5481B2EE7EC77D7FF3CE404C340

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700209046.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700295336.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA97A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700402538.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                • Opcode ID: 53787f42cc88ec762c7cab538ca08b13a4b27a7d8075f21ba4fa32834bd05f71
                                                                                                                                                                                                                • Instruction ID: 9933492e775859d3b17754f5ede3b98bb09490f370c2e29d59ae52f2aecdf004
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53787f42cc88ec762c7cab538ca08b13a4b27a7d8075f21ba4fa32834bd05f71
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53C1AF22A2C74749EB605B1990422B97BE1FB80B82F4941B1DB7DC77D3EE7CE4558740

                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700209046.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700295336.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA97A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700402538.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4144305933-0
                                                                                                                                                                                                                • Opcode ID: 702f7c832cf0ba87b5ff8a943f0597e04a247d80620e40057ef95aeb345a1c99
                                                                                                                                                                                                                • Instruction ID: e6f31bda7045c247b9b62ce48f196c0f4ec1e55bbede6543fb0c875065ffc582
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 702f7c832cf0ba87b5ff8a943f0597e04a247d80620e40057ef95aeb345a1c99
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF313F21E7C10345FB64AB69A4523B92792BF91785F5480B4DE7ECBBD7FE2CA8058200
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1692992412.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693170461.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693228115.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693334178.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693366586.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693405974.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693443152.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693494112.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693515304.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Thread$ContextCurrent
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 195563550-0
                                                                                                                                                                                                                • Opcode ID: 28fea4604ca6fef9d06f2ff79cdcf5c43462e4a59386bbe1a7154d01d539f8b1
                                                                                                                                                                                                                • Instruction ID: 01bc0719a83438bc923d157a8d7d628b96fb459852aa8f2eb93c5b1d9df1b075
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 28fea4604ca6fef9d06f2ff79cdcf5c43462e4a59386bbe1a7154d01d539f8b1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D117172618785C6EB608B64F91870FB3E5F3883D4F509629D6C986A9CCFBCC189CB00
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700209046.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700295336.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA97A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700402538.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseCreateDriveFileHandleType_invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2907017715-0
                                                                                                                                                                                                                • Opcode ID: 6bc34977209249cb9a8280982b1036741a152119e2b8ccc82b4d09bdf26104ee
                                                                                                                                                                                                                • Instruction ID: 5a5e1b4b73206251e8efba67bd001b076adc2322c2a62d78713f2c8a86f22f15
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6bc34977209249cb9a8280982b1036741a152119e2b8ccc82b4d09bdf26104ee
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2431C532D287924BE7509F2595002697690FB85BA4F148375EEBCC3AD3EF3CE5A18750
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700209046.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700295336.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA97A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700402538.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                                                • Opcode ID: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
                                                                                                                                                                                                                • Instruction ID: 4ffae17aa9cf940964a164f5dbbbead029fbe4e8130c5b458b71818a786cafc4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5EE04820B7570147E7546735D9D627912965F85742F0055B8D82FC23E3EE3DE4488340
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.VCRUNTIME140(?,?,?,?,00007FFBAA02831D,?,?,?,?,00007FFBAA054917,?,?,?,00007FFBAA02207B), ref: 00007FFBAA0D9708
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700426890.00007FFBAA020000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700555846.00007FFBAA142000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700614973.00007FFBAA16E000.00000004.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700646422.00007FFBAA173000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                • String ID: gfff
                                                                                                                                                                                                                • API String ID: 2221118986-1553575800
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • SetFilePointerEx.KERNEL32(?,?,?,00007FF6FA9577DF,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA957707), ref: 00007FF6FA956B00
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6FA9577DF,?,?,?,?,?,?,?,?,?,?,?,00007FF6FA957707), ref: 00007FF6FA956B0A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2976181284-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00007FF6FA955A57,?,?,00000000,00007FF6FA955AFF,?,?,?,?,?,?,00007FF6FA94C892), ref: 00007FF6FA955B8A
                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6FA955A57,?,?,00000000,00007FF6FA955AFF,?,?,?,?,?,?,00007FF6FA94C892), ref: 00007FF6FA955B94
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 918212764-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSystemInfo.KERNEL32(?,?,?,?,00007FFBAA0D984B,?,?,?,?,00007FFBAA02831D,?,?,?,?,00007FFBAA054917), ref: 00007FFBAA02F4E8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InfoSystem
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 31276548-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _fread_nolock
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 840049012-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3947729631-0
                                                                                                                                                                                                                • Opcode ID: 43a0ca25b5b6844c1e1db732f007f001f54d2ff9bdd56d7814c1d6215129c12c
                                                                                                                                                                                                                • Instruction ID: 1a106fd4b5e7a1a5fbd70fac59a3ad6533a7aef06c6c569ce97925aba6d888ff
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43a0ca25b5b6844c1e1db732f007f001f54d2ff9bdd56d7814c1d6215129c12c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29217131E257028EEB509F78D4412AC36E5EB84709F844575D61C82BDAEF38D545CB80
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                • Opcode ID: 050f2a8f569f90b9d9de9d5361addb679e72bb7a6764323921c2888df917ddcb
                                                                                                                                                                                                                • Instruction ID: 1e11c14be65bae77ab56ff8d09c56f04a108fdd95c65ee9b983ea78dc05f47d9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 050f2a8f569f90b9d9de9d5361addb679e72bb7a6764323921c2888df917ddcb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C001C461A2875244EB14DB629801079B694BF85FE0F08C6B2DE7CD7BD7EE3CE4014300
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 66a92c8017b1c3694242cf642bf5e48a42ebde1ff1b4540aa1cd3d890f4142b9
                                                                                                                                                                                                                • Instruction ID: 9d7c672dcc0b8cc96fbd4a943997fdcc1568773d5e0b186c24f0044dcc5802e9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 66a92c8017b1c3694242cf642bf5e48a42ebde1ff1b4540aa1cd3d890f4142b9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1611917692C6438AEB049F54D4462BD77A0FB80762F9041B2EA6DC62E7EF7CE004C710
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                • Opcode ID: e6931b6c3aa3e516f0ec126b93670d8baae33747ede93eb3b693a768aeb603a6
                                                                                                                                                                                                                • Instruction ID: 8f50296c1c591d5ffd6453f215d7146bacca891160c26d76b39643528bb1fc11
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6931b6c3aa3e516f0ec126b93670d8baae33747ede93eb3b693a768aeb603a6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D018421E2810249FF546A79A45237D11906F857A4F6547B1ED3ECA3C3FE2CE4018240
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                • Opcode ID: 49d10bfd3b1bbcd756db62a4f63dd0993da53e5e8617dc023a970a1a4dbcfd5d
                                                                                                                                                                                                                • Instruction ID: 6302ce20af1cc994caa7ae9dae8c87f0daf10d7ea461e39018fcdd3f0113c9b7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 49d10bfd3b1bbcd756db62a4f63dd0993da53e5e8617dc023a970a1a4dbcfd5d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E9F0F87073903486E73B0621DB10B9C28E86F16791F70031A9D164BAAED59FC685AF4A
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                • Opcode ID: d27ab3f074c20aa396e25fcbfc74d5af21bb4413395d19741f8897ba95156ec4
                                                                                                                                                                                                                • Instruction ID: 057fbc5cf6aba7a1aae0a41cd4261f750494473f0b3b2a0524fc8902bf58846f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d27ab3f074c20aa396e25fcbfc74d5af21bb4413395d19741f8897ba95156ec4
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1F09021F2CA8245EB10AA56A81107D6191BF86BE0F589571FD7DC7BC7EE6CD8414710
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 00007FF6FA947490: MultiByteToWideChar.KERNEL32 ref: 00007FF6FA9474CA
                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6FA942E7E), ref: 00007FF6FA946CC3
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2592636585-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2221118986-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,00000000,00007FF6FA9586BD,?,?,00000000,00007FF6FA94FC79,?,?,?,?,00007FF6FA9559F1), ref: 00007FF6FA9595A5
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700209046.00007FF6FA940000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700295336.00007FF6FA965000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA977000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA97A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700328068.00007FF6FA986000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700402538.00007FF6FA988000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                                • Opcode ID: afbdb11ed1b08d377bc5fadb4004119812ee57a7d3acb3d5a3c71706b847d8e8
                                                                                                                                                                                                                • Instruction ID: 4a7aad70269ecf8b4e1406f006e8e1ed8b4f7cfe007e65ee93bc491de0066d2e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: afbdb11ed1b08d377bc5fadb4004119812ee57a7d3acb3d5a3c71706b847d8e8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30F06D4CB2A20349FF5457AA99022B513D65F98B92F4C40B0DD2FC63D3FF1CE4A28220
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700239529.00007FF6FA941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6FA940000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff6fa940000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                                • Opcode ID: da64b355eaac81519204d4bb0c2681d204a24ced9ca617c428c4ac08c8bc7bff
                                                                                                                                                                                                                • Instruction ID: af207f6ca77ad9c2cdf8e76611a021efd83277df7eb84fb10a91409a361311b9
                                                                                                                                                                                                                • Opcode Fuzzy Hash: da64b355eaac81519204d4bb0c2681d204a24ced9ca617c428c4ac08c8bc7bff
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10F08C11B3D20749FB6467AA584237522E45F84BB2F080AB4DC3EC63C3FE2CA5418A20
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1692992412.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693170461.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693228115.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693334178.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693366586.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693405974.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693443152.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693494112.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693515304.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: free
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                                                                                                • Opcode ID: 11926e8aac614788481d86786482c1512f2f894a64f86faaff5e2741f2eeb34b
                                                                                                                                                                                                                • Instruction ID: 9e8e68cd071f58dd3d494a028eae8bd57b5eb3cf435511a16bc6720ebf6707ed
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 11926e8aac614788481d86786482c1512f2f894a64f86faaff5e2741f2eeb34b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5C08CA6B13A00C1FF0A5BA2FC623382220AB5CF05F189110CE0E46304CB2C80908301
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 70A2282C
                                                                                                                                                                                                                • CreateFileA.KERNEL32 ref: 70A22860
                                                                                                                                                                                                                • GlobalAlloc.KERNEL32 ref: 70A2287A
                                                                                                                                                                                                                • DeviceIoControl.KERNEL32 ref: 70A228F4
                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 70A2290A
                                                                                                                                                                                                                • _snprintf.MSVCRT ref: 70A22947
                                                                                                                                                                                                                • CreateFileA.KERNEL32 ref: 70A22974
                                                                                                                                                                                                                • GlobalAlloc.KERNEL32 ref: 70A22995
                                                                                                                                                                                                                • GlobalAlloc.KERNEL32 ref: 70A229A4
                                                                                                                                                                                                                • DeviceIoControl.KERNEL32 ref: 70A229EC
                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 70A22A05
                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 70A22A0A
                                                                                                                                                                                                                • CloseHandle.KERNEL32 ref: 70A22A14
                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 70A22A36
                                                                                                                                                                                                                  • Part of subcall function 70A224D0: GetLastError.KERNEL32 ref: 70A224D4
                                                                                                                                                                                                                  • Part of subcall function 70A224D0: FormatMessageA.KERNEL32 ref: 70A22505
                                                                                                                                                                                                                  • Part of subcall function 70A224D0: LocalFree.KERNEL32 ref: 70A22526
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Global$Free$Alloc$ControlCreateDeviceFile_snprintf$CloseErrorFormatHandleLastLocalMessage
                                                                                                                                                                                                                • String ID: /%d:$Empty serial number$SCSIDISK$\\.\PhysicalDrive%d$\\.\Scsi%d$platforms/windows/hdinfo.c
                                                                                                                                                                                                                • API String ID: 1119308327-2400754906
                                                                                                                                                                                                                • Opcode ID: 384ffa04cd1a696324e7cec84fd171729c384a46f7cec705e0c5612fa5f50a0b
                                                                                                                                                                                                                • Instruction ID: b4551d7441d01ad9ae180f4a3ea40a004a1ba3e9d6619aaa2720dffcf790b555
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 384ffa04cd1a696324e7cec84fd171729c384a46f7cec705e0c5612fa5f50a0b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D551D031704A858AE7209F22F81474B7B64F788BE8F544325AE5E47BD8CF7CD60A8744
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CloseHandleisxdigitmemset$ControlCreateDeviceFileisprintmemcpywsprintf
                                                                                                                                                                                                                • String ID: /%d:$\\.\PhysicalDrive%d
                                                                                                                                                                                                                • API String ID: 2355516209-72258043
                                                                                                                                                                                                                • Opcode ID: c46139a651565a537a26ae49c0ef5d3c068ea7cb58dc9807431f723c5a7c1a3e
                                                                                                                                                                                                                • Instruction ID: 9dac0609806135c3308a367260ad570ebac124ab385acaec6edb51da7337f25a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c46139a651565a537a26ae49c0ef5d3c068ea7cb58dc9807431f723c5a7c1a3e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A514772718A8095E701CB22F84435FBBA6BBC5795F448235EE9A87B9CDB7CC509C740
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Cryptclock$Context$Acquire$RandomRelease
                                                                                                                                                                                                                • String ID: ($Microsoft Base Cryptographic Provider v1.0$out != NULL$src/prngs/rng_get_bytes.c
                                                                                                                                                                                                                • API String ID: 2525729555-3762154145
                                                                                                                                                                                                                • Opcode ID: 5bec18a9c7578fe2ec0224cbb84f8722a9f82902861a66ec4bcf88b42fc9b169
                                                                                                                                                                                                                • Instruction ID: 422e7d945204d27204d2d6b6afd15af86af9bc0835e01cac6feafe0ac117ae3d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5bec18a9c7578fe2ec0224cbb84f8722a9f82902861a66ec4bcf88b42fc9b169
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9731263270868482E721CB66E94435EA6B6B78DBD0FA14525DE4A43328EF7DDD46C340
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • platforms/windows/hdinfo.c, xrefs: 70A22687
                                                                                                                                                                                                                • %02x:%02x:%02x:%02x:%02x:%02x, xrefs: 70A225B7
                                                                                                                                                                                                                • Too small size, xrefs: 70A22680
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$AdaptersAddressesFree$Alloc
                                                                                                                                                                                                                • String ID: %02x:%02x:%02x:%02x:%02x:%02x$Too small size$platforms/windows/hdinfo.c
                                                                                                                                                                                                                • API String ID: 3314560173-3552495142
                                                                                                                                                                                                                • Opcode ID: b57a8ce08a754f6cf6ec0152526fb15f66516f8a692f16ecd1f26efd470e5a92
                                                                                                                                                                                                                • Instruction ID: 88f9e28fe60658c3117d3e7cc8d6a77d82bb89847621998976c2e65d8d0435d6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b57a8ce08a754f6cf6ec0152526fb15f66516f8a692f16ecd1f26efd470e5a92
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2931F6226082919AD710DBBAF810B2F7BA2E789B95F444236BD598375CDF3CD504DB00
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcmpmemcpy
                                                                                                                                                                                                                • String ID: %s mode not allowed: %s$access$cach$cache$file$invalid uri authority: %.*s$localhos$mode$mode$no such %s mode: %s$no such vfs: %s
                                                                                                                                                                                                                • API String ID: 1784268899-684317951
                                                                                                                                                                                                                • Opcode ID: 71f7050b7d336f96de0849a598a7cad26329ae40fba362b91fcf86cb0713eb0d
                                                                                                                                                                                                                • Instruction ID: beb9a033014cee5e325b123703f4624fcdadc5974b83ddfbb928325c6d5acf69
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71f7050b7d336f96de0849a598a7cad26329ae40fba362b91fcf86cb0713eb0d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F212E5E390E283D5FB738B30D4403796A99AB41B98F0542B6DE5D876C1DE3CE4678720
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$Free$AdaptersAddressesAllocmemcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3510192139-0
                                                                                                                                                                                                                • Opcode ID: 460cfef02125aafe1f9c14dabf3492322ad1734782819cba27e93f61b5d0619c
                                                                                                                                                                                                                • Instruction ID: e5cbd6fc2634aa037c67ddad1f4e67055fa624644dc4606b2211ccd083273d5f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 460cfef02125aafe1f9c14dabf3492322ad1734782819cba27e93f61b5d0619c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1231E1227145919ED751EB6AFD00B5E27A6AB88BD4F588139EE0D87B1CEF38C941C700
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                • String ID: Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)$Failed to read ptrmap key=%d$Main freelist: $Page %d is never used$Pointer map page %d is referenced$incremental_vacuum enabled with a max rootpage of zero$max rootpage (%d) disagrees with header (%d)
                                                                                                                                                                                                                • API String ID: 2221118986-2103957143
                                                                                                                                                                                                                • Opcode ID: 8974cff617b037a2cbb366b3a1f9b87a4917edc6cd9f0397b0ecb4c56af404a9
                                                                                                                                                                                                                • Instruction ID: 1c6f3fa9962a77a85568346cc6c87ab8c3adb3790a995dd832d013eb65914337
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8974cff617b037a2cbb366b3a1f9b87a4917edc6cd9f0397b0ecb4c56af404a9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E128BB2A0A642C7EB268B75D4847B977ADFB46748F04017ADE8D47A94CF3CE452C720
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • RtlCaptureContext.KERNEL32 ref: 70A94FE4
                                                                                                                                                                                                                • RtlLookupFunctionEntry.KERNEL32 ref: 70A94FFB
                                                                                                                                                                                                                • RtlVirtualUnwind.KERNEL32 ref: 70A9503D
                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32 ref: 70A95081
                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32 ref: 70A9508E
                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 70A95094
                                                                                                                                                                                                                • TerminateProcess.KERNEL32 ref: 70A950A2
                                                                                                                                                                                                                • abort.MSVCRT ref: 70A950A8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1692992412.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693170461.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693228115.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693334178.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693366586.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693405974.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693443152.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693494112.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693515304.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4278921479-0
                                                                                                                                                                                                                • Opcode ID: b2a2748310470f8899fff848dd700a17d42f3ab7c6db63b48048a1e4d32b5f4f
                                                                                                                                                                                                                • Instruction ID: bd5656f3dada476d7da197d5acffcd9356e3a21da82ff8a1aa9186586d4c7419
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2a2748310470f8899fff848dd700a17d42f3ab7c6db63b48048a1e4d32b5f4f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B121F072A19F00DAEB00DB65F88539933A8BB18B94F54462AD94E53728EF3CE615C744
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700426890.00007FFBAA020000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700555846.00007FFBAA142000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700614973.00007FFBAA16E000.00000004.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700646422.00007FFBAA173000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: CREATE TABLE x(type text,name text,tbl_name text,rootpage int,sql text)$SELECT*FROM"%w".%s ORDER BY rowid$ase$sqlite_master$sqlite_temp_master$table
                                                                                                                                                                                                                • API String ID: 0-879093740
                                                                                                                                                                                                                • Opcode ID: 25046b3311c812a3e230470b74f7a793af2e353c23d9b1b6d1b7156e57546b0c
                                                                                                                                                                                                                • Instruction ID: b8bde3918e4c32e9f3fa95ca2923401d99d6d2ed5e6bb8c75dba476b1bdecde6
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25046b3311c812a3e230470b74f7a793af2e353c23d9b1b6d1b7156e57546b0c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 48127CB2A0A783CAEB628F38C4503BD37A9EB45B48F194175DE4D17295DF38E466C360
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700426890.00007FFBAA020000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700555846.00007FFBAA142000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700614973.00007FFBAA16E000.00000004.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700646422.00007FFBAA173000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: %!.15g$%!.20e$'$NULL
                                                                                                                                                                                                                • API String ID: 3510742995-3076496109
                                                                                                                                                                                                                • Opcode ID: de88a7cd47d3ef06b3c6ab42353fb39821032b36b71b270cd757052556e2c01d
                                                                                                                                                                                                                • Instruction ID: 7ba2f15b8660ccdc4d68202f185b044ed976bf24d6fef1c35d42b44fbbf2352b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: de88a7cd47d3ef06b3c6ab42353fb39821032b36b71b270cd757052556e2c01d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E02B3A1A0A683C5EB768B35C050378B3A8EF49B84F099175DE4E07B91DF2DE463C324
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FFBAA0A504B
                                                                                                                                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FFBAA0A5199
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700426890.00007FFBAA020000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700555846.00007FFBAA142000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700614973.00007FFBAA16E000.00000004.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1700646422.00007FFBAA173000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpymemset
                                                                                                                                                                                                                • String ID: %.*z:%u$column%d$rowid
                                                                                                                                                                                                                • API String ID: 1297977491-2903559916
                                                                                                                                                                                                                • Opcode ID: 417c1c99527cca32829bfa5a48e6c9b7211bbdf0742b449713eeb8fa450d57a3
                                                                                                                                                                                                                • Instruction ID: 97ffc44681f8ff2be84bf3c05d9d939cb8e06a98f1d45e68a552c374b5df436e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 417c1c99527cca32829bfa5a48e6c9b7211bbdf0742b449713eeb8fa450d57a3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9222D1F2A0A782C5EB668F25D05077967A8FB85B84F544179DE4E87784DF3CE4228720
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1692992412.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693170461.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693228115.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693334178.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693366586.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693405974.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693443152.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693494112.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693515304.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: freememcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3223336191-0
                                                                                                                                                                                                                • Opcode ID: f287b2072ea6946470282008087b7e23b302a66463c7ec6cfb87f24ad3a9771a
                                                                                                                                                                                                                • Instruction ID: 9a4f6bea6cfa91a9d34f553a13e8b3e30332e99cf9a49840e3e47333482b29e8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f287b2072ea6946470282008087b7e23b302a66463c7ec6cfb87f24ad3a9771a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F45144B2B142448AE710CF25FD4179EB3A0FB85BD4F584526EE0A97B68EB3CD941CB00
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
• Associated: 00000004.00000002.1692992412.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693170461.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693228115.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693334178.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693366586.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693405974.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693443152.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693494112.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693515304.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: freememcpy
                                                                                                                                                                                                                • String ID: code$obfmode.c
                                                                                                                                                                                                                • API String ID: 3223336191-930819804
                                                                                                                                                                                                                • Opcode ID: dc14d8226260d49c9165f20aa5241bef20a306c605970bd135765dd0d34d7bdd
                                                                                                                                                                                                                • Instruction ID: 6917fd84ce4b7eec176e7c6c0ed5b612174d1cd21adbfbec51eb4a56df3fa37e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc14d8226260d49c9165f20aa5241bef20a306c605970bd135765dd0d34d7bdd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4F15C72609B89CAEB01CF15F89035A73B5F799B84F148616DA4E57B6CEB3CE941CB00
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: in != NULL$out != NULL$outlen != NULL$src/misc/base64/base64_decode.c
                                                                                                                                                                                                                • API String ID: 0-942433653
                                                                                                                                                                                                                • Opcode ID: b2558993aaca83f820dfd5d65f1f5451e7e216c40fc5bdb80812e44ec83140e8
                                                                                                                                                                                                                • Instruction ID: c220ff7af34c8ff94be0288ed6175b2c1fec263ddb90f7bceb27053363a4f9c4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2558993aaca83f820dfd5d65f1f5451e7e216c40fc5bdb80812e44ec83140e8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD927A7392C7C887D3078E24A86436E7A22A3D9357F898235EF070739AE279DE55C351
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocVirtual$InfoSystem
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2622297391-0
                                                                                                                                                                                                                • Opcode ID: 2a2f169c2492fb064d1481e1af4fe86063d5418802fbd42ad2118c2487268f2e
                                                                                                                                                                                                                • Instruction ID: b95bca28cee1b9da50b6bbd39b323721e2f1490902f3cf501d192141c67d9567
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a2f169c2492fb064d1481e1af4fe86063d5418802fbd42ad2118c2487268f2e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7A01A7B0B1650882EF219722B91975976A26B58BD9F048B35DD1F5B79CFA2CD1808704
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 6dcaf8fd64b617dabc31471acd41cdaa2cab49e32dd27873edbdb04a6837cf38
                                                                                                                                                                                                                • Instruction ID: a617565d58accae0b82bea1d9ba64370edf8ce81b1a8690ee9e5b021d4ddefa3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6dcaf8fd64b617dabc31471acd41cdaa2cab49e32dd27873edbdb04a6837cf38
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34111CB2629240CFE3909F09E88471FBAA0E384754F10A125F29BCB7A9D7BCC944CF40
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: f8f28ae1c5064edc36197fd34b3ce5f7242c7bbb5603eefa84972cc96b68dc4d
                                                                                                                                                                                                                • Instruction ID: 34606f23dd9d3d4484ea9bcdbfd089a0ab4ae144ae20c1db2dc4584714c2230b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8f28ae1c5064edc36197fd34b3ce5f7242c7bbb5603eefa84972cc96b68dc4d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31E0E28754F7C11FD3139A612D6945C2FB0959382638EC4CB93D6D33C3E48C9D0A9362
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: 533735a4a28587e845d51ccf6f437f6309159605a2190b9999f3042bc5225e52
                                                                                                                                                                                                                • Instruction ID: a8bed45dd2439d82ce79edd4bca28bfd6655de8d8327e2ab9feb000468135ed3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 533735a4a28587e845d51ccf6f437f6309159605a2190b9999f3042bc5225e52
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8E0098750F7C10FD313AA602C6909C2FB095E382638A84C793D6C3387A08C9E0A8362
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                • Opcode ID: ac40e019d58a0c8a6d2e60b37acb6e883139a37a08886f7a3fce5995dc9093e5
                                                                                                                                                                                                                • Instruction ID: d66ceeccb73a0fe90cd539911f9be0d1bf2680dd2cf2158524c074bba840bba3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac40e019d58a0c8a6d2e60b37acb6e883139a37a08886f7a3fce5995dc9093e5
                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno$fprintfstrerror$fclosefputc$fwrite
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$_pytransform.c$inbuf$pytransform.log
                                                                                                                                                                                                                • API String ID: 3108438096-3708888661
                                                                                                                                                                                                                • Opcode ID: 0f87c7a9d6faf2ae14d44c15da9011867e33a50cb74b5941311ce4c591fe54ad
                                                                                                                                                                                                                • Instruction ID: 3d4bad9a6a3bd7ea6f5f26c18993db0544409fce498fc3e41b679f97711865c5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f87c7a9d6faf2ae14d44c15da9011867e33a50cb74b5941311ce4c591fe54ad
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 89F19DB0B29355DAEA04AB52FD2075D2361BB89BC4F44422ADD0E17768EF7CF506C346
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno$fprintf$fclosefputc$freefseekmallocstrrchr
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$.pye$__file__$__main__$_pytransform.c$pytransform.log
                                                                                                                                                                                                                • API String ID: 1013380922-457461209
                                                                                                                                                                                                                • Opcode ID: 82d458649a3144226b2a0ad43c7c5c9875671f79df2d5263f8ffe441c3a8bda6
                                                                                                                                                                                                                • Instruction ID: d7d20a93d83dc10e026fbd7492e7c367c7d7411f4b566ceb5cf149befee7c4f4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 82d458649a3144226b2a0ad43c7c5c9875671f79df2d5263f8ffe441c3a8bda6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D9D1B070B19716DAEA049B15EC1079D2361BB88BC0F44822ADD0E1B36CEF7CF946C346
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno$fprintf$fclosefputc$freadfreemalloc
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                                                                • API String ID: 957815278-2792274189
                                                                                                                                                                                                                • Opcode ID: d172e294434ab4a641e77c9dca610de1c378f1b40257b8b6b1460959e86a38db
                                                                                                                                                                                                                • Instruction ID: 7a9cf03f47818959a591ae26671a9d95f142265462c0a3ff709f9e3801c1769b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d172e294434ab4a641e77c9dca610de1c378f1b40257b8b6b1460959e86a38db
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31C1A1A0B28352D9EA059B12FE1076C2366BB89BC5F44422ADE0E177ACDF3CF545C306
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • fwrite.MSVCRT ref: 70A231DE
                                                                                                                                                                                                                  • Part of subcall function 70A22E60: strlen.MSVCRT ref: 70A22E83
                                                                                                                                                                                                                • fprintf.MSVCRT ref: 70A23217
                                                                                                                                                                                                                • fputc.MSVCRT ref: 70A23249
                                                                                                                                                                                                                  • Part of subcall function 70A22540: GetAdaptersAddresses.IPHLPAPI ref: 70A22571
                                                                                                                                                                                                                  • Part of subcall function 70A22540: GetProcessHeap.KERNEL32 ref: 70A225ED
                                                                                                                                                                                                                  • Part of subcall function 70A22540: HeapFree.KERNEL32 ref: 70A225F7
                                                                                                                                                                                                                • fprintf.MSVCRT ref: 70A23278
                                                                                                                                                                                                                  • Part of subcall function 70A22360: GetProcessHeap.KERNEL32 ref: 70A223B3
                                                                                                                                                                                                                  • Part of subcall function 70A22360: HeapFree.KERNEL32 ref: 70A223BD
                                                                                                                                                                                                                • fputc.MSVCRT ref: 70A232A2
                                                                                                                                                                                                                  • Part of subcall function 70A226B0: GetAdaptersAddresses.IPHLPAPI ref: 70A226E4
                                                                                                                                                                                                                  • Part of subcall function 70A226B0: inet_ntoa.WS2_32 ref: 70A22725
                                                                                                                                                                                                                  • Part of subcall function 70A226B0: GetProcessHeap.KERNEL32 ref: 70A22740
                                                                                                                                                                                                                  • Part of subcall function 70A226B0: HeapFree.KERNEL32 ref: 70A2274A
                                                                                                                                                                                                                • fprintf.MSVCRT ref: 70A232D1
                                                                                                                                                                                                                • fputc.MSVCRT ref: 70A232E5
                                                                                                                                                                                                                  • Part of subcall function 70A22A90: GetProcessHeap.KERNEL32 ref: 70A22AAB
                                                                                                                                                                                                                  • Part of subcall function 70A22A90: HeapAlloc.KERNEL32 ref: 70A22ABF
                                                                                                                                                                                                                  • Part of subcall function 70A22A90: GetNetworkParams.IPHLPAPI ref: 70A22AF7
                                                                                                                                                                                                                  • Part of subcall function 70A22A90: GetProcessHeap.KERNEL32 ref: 70A22B19
                                                                                                                                                                                                                  • Part of subcall function 70A22A90: HeapFree.KERNEL32 ref: 70A22B23
                                                                                                                                                                                                                • fprintf.MSVCRT ref: 70A23314
                                                                                                                                                                                                                • fwrite.MSVCRT ref: 70A23335
                                                                                                                                                                                                                • strchr.MSVCRT ref: 70A2335B
                                                                                                                                                                                                                • fputc.MSVCRT ref: 70A23372
                                                                                                                                                                                                                • fwrite.MSVCRT ref: 70A23393
                                                                                                                                                                                                                • fprintf.MSVCRT ref: 70A233BB
                                                                                                                                                                                                                • strchr.MSVCRT ref: 70A233C8
                                                                                                                                                                                                                • fprintf.MSVCRT ref: 70A233E9
                                                                                                                                                                                                                • fputc.MSVCRT ref: 70A2340C
                                                                                                                                                                                                                • fwrite.MSVCRT ref: 70A2342D
                                                                                                                                                                                                                • fprintf.MSVCRT ref: 70A2346D
                                                                                                                                                                                                                • fprintf.MSVCRT ref: 70A23497
                                                                                                                                                                                                                • fputc.MSVCRT ref: 70A234B8
                                                                                                                                                                                                                • fwrite.MSVCRT ref: 70A23507
                                                                                                                                                                                                                • fwrite.MSVCRT ref: 70A23528
                                                                                                                                                                                                                • fwrite.MSVCRT ref: 70A23549
                                                                                                                                                                                                                • fwrite.MSVCRT ref: 70A2356A
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • Failed to get domain name., xrefs: 70A23555
                                                                                                                                                                                                                • Failed to get harddisk information., xrefs: 70A234F2
                                                                                                                                                                                                                • Default Mac address: "%s", xrefs: 70A2326B
                                                                                                                                                                                                                • Ip address: "%s", xrefs: 70A232C4
                                                                                                                                                                                                                • Failed to get mac address., xrefs: 70A23513
                                                                                                                                                                                                                • %02x, xrefs: 70A2348A
                                                                                                                                                                                                                • Serial number of default harddisk: "%s", xrefs: 70A2320A
                                                                                                                                                                                                                • >", xrefs: 70A234C7
                                                                                                                                                                                                                • Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux, xrefs: 70A23320
                                                                                                                                                                                                                • %02x:, xrefs: 70A233FB
                                                                                                                                                                                                                • Hardware informations got by PyArmor:, xrefs: 70A231C6
                                                                                                                                                                                                                • Multiple Mac addresses: "<, xrefs: 70A23418
                                                                                                                                                                                                                • "%s", xrefs: 70A2339D, 70A233DC
                                                                                                                                                                                                                • Failed to get ip address., xrefs: 70A23534
                                                                                                                                                                                                                • Domain name: "%s", xrefs: 70A23307
                                                                                                                                                                                                                • Serial number with disk name: , xrefs: 70A2337E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$fprintffwrite$fputc$Process$Free$AdaptersAddressesstrchr$AllocNetworkParamsinet_ntoastrlen
                                                                                                                                                                                                                • String ID: "%s"$Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux$%02x$%02x:$>"$Default Mac address: "%s"$Domain name: "%s"$Failed to get domain name.$Failed to get harddisk information.$Failed to get ip address.$Failed to get mac address.$Hardware informations got by PyArmor:$Ip address: "%s"$Multiple Mac addresses: "<$Serial number of default harddisk: "%s"$Serial number with disk name:
                                                                                                                                                                                                                • API String ID: 340787292-3771683696
                                                                                                                                                                                                                • Opcode ID: 4f0036276bffa3d41c5d3d26c5b67faaa73ba1aac2b26e1b3d4ab6aca2ebdaff
                                                                                                                                                                                                                • Instruction ID: 7cf4ec60d40abed6019bb084c384aeaba2cfdcb1448b9c6858b5220a9006991e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f0036276bffa3d41c5d3d26c5b67faaa73ba1aac2b26e1b3d4ab6aca2ebdaff
                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED812611B1125089FB04B772FA257AE1686DBCA7D4F40823A9E0E4B3DDDE3DE64AD301
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: fprintf$_errno$strerror$fputc$fclose$_time64atoffreestrlenstrstr
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$*TIME:$license.c$pytransform.log
                                                                                                                                                                                                                • API String ID: 3204063161-4277730492
                                                                                                                                                                                                                • Opcode ID: faf6224cf5504a5dc3bdeec8719ec7e14373f6519121fe5dacfce3a51b4c7c48
                                                                                                                                                                                                                • Instruction ID: 8595db075d6df9c7eea7435ccaa43dce6ff5ccab33650ea862acd363185379a8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: faf6224cf5504a5dc3bdeec8719ec7e14373f6519121fe5dacfce3a51b4c7c48
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC81D660B29752CAEB059B21ED6035D23B6BF89BD4F488226DD0E173A8DF3CF5468305
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1692992412.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693170461.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693228115.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693334178.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693366586.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693405974.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693443152.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693494112.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693515304.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errnomalloc
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$j > 0$protect.c$pytransform.log
                                                                                                                                                                                                                • API String ID: 2517923351-3883256839
                                                                                                                                                                                                                • Opcode ID: 4dc5b47ff0a49c269b6afca5914f8bfce4e5eee51c9dfa44d84ba538c194f108
                                                                                                                                                                                                                • Instruction ID: 55dd092c6d83b911cf73404e1139f6c4e33ecaefa4e62a000ee96560add7c6c3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4dc5b47ff0a49c269b6afca5914f8bfce4e5eee51c9dfa44d84ba538c194f108
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9781C761B187529AEA059B22E96075D33A2BF89BC0F48813ADD0D9736CDF7CF542C316
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno$freemalloc
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$key != NULL$protect.c$pytransform.log
                                                                                                                                                                                                                • API String ID: 1860011666-3885171557
                                                                                                                                                                                                                • Opcode ID: bbcf7c7fd9569376295fae52137a17359815d18f0db1218fca529e742af67685
                                                                                                                                                                                                                • Instruction ID: c03905c545f92f074beef446a159d5fa843e1a1206fd094a7418e84a7fa833e4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bbcf7c7fd9569376295fae52137a17359815d18f0db1218fca529e742af67685
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1171B360B19756D9EA04DB12FE2176D23A2BF99BC0F48813A9D0E17369EF3CF5018356
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno$freemallocstrerror
                                                                                                                                                                                                                • String ID: (OOO)$+F7unNMN$04U5w91r$3fvNMf9L$41qM08fu$4mLks8EO$Ew==$HERhc2hp$IFB5c2hp$IoHvpCe3$RbgIUXyw$S8tSMMR7$UeQH2iY/$Wrap result failed$Xa2Z/Fdw$ZWxkIFBy$aGQGvX/a$b2plY3Ql$bmdzb2Z0$cDxn1XUJ$ej7tPRL6$fSis3Gx0$k6W630PQ$nc/WZrlr$oFj2UIkE$oVCzhcbp$p5dyeOAr$qNGCrKem$thDV3x4e
                                                                                                                                                                                                                • API String ID: 2349789213-1418605665
                                                                                                                                                                                                                • Opcode ID: 0fee515c2a46785967a36dd75a646779e35ac0a2a748732f6da08942a3a7403e
                                                                                                                                                                                                                • Instruction ID: 5316948da58dd5794ceb892ee4ff2ca9e69d6702223bda214d2d31568315f3cb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0fee515c2a46785967a36dd75a646779e35ac0a2a748732f6da08942a3a7403e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31B14776606B8889DBA4CF26B85078E77E9F788BC4F54812ACE8D57718EF38D461C740
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errnofprintf$fputc$fclose
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                                                                • API String ID: 1597153534-2792274189
                                                                                                                                                                                                                • Opcode ID: bd45206d1aae3fcedcbdcd7995c2b3ecaa0a967c28b0aa546f2812d364520040
                                                                                                                                                                                                                • Instruction ID: ab83dbb1f22f42ce863df6c1740185282a1a89dcf8fc208aa1aca9b7befcec01
                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd45206d1aae3fcedcbdcd7995c2b3ecaa0a967c28b0aa546f2812d364520040
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F0918B60B29752DAEB05DB12ED2075D2375BB88BC4F449226DD0E1B768DF3CFA468306
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: fprintf$_errno$fputc$fclose$strerror
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$(O)$pytransform.log$wrapper.c
                                                                                                                                                                                                                • API String ID: 1803879104-71371975
                                                                                                                                                                                                                • Opcode ID: 20dcfba8a94d0e5a4fff0f7e55a851bd5c6febb8109d1cf4ea1b1cfe96a2dc5e
                                                                                                                                                                                                                • Instruction ID: 7d177adf98675eb4246874fd312f1518b6594a3db155ca6cce61103b930204b0
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20dcfba8a94d0e5a4fff0f7e55a851bd5c6febb8109d1cf4ea1b1cfe96a2dc5e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B871B2A0B29756D9EA049B12FE2075C2362BF89BC1F44822ACD0E17368EF7CF505C346
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno$free$mallocstrerrorstrlen$fclosefseek
                                                                                                                                                                                                                • String ID: Decode trial license failed$Format trial license file '%s'$Get current time failed$Invalid trial license file, size is %d != 256$Read trial license file '%s'$license.lic
                                                                                                                                                                                                                • API String ID: 1618752535-3017380149
                                                                                                                                                                                                                • Opcode ID: 2e7c6826e0a84d7a199170a70eca3f25cfc09e2a3f359b4f6f4a0f40bbf4d04c
                                                                                                                                                                                                                • Instruction ID: f9efaae0ce4471f16573380e206ccd876ca8f946db78b68186592aed2f550434
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2e7c6826e0a84d7a199170a70eca3f25cfc09e2a3f359b4f6f4a0f40bbf4d04c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C7111717096468ADB01CB24F9113AD63B6BBD4784F948225EA4E437ACEF7CE586C310
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: fprintf$_errno$fputc$fclosestrerror
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$(O)$pytransform.log$wrapper.c
                                                                                                                                                                                                                • API String ID: 775964473-71371975
                                                                                                                                                                                                                • Opcode ID: e7ab8194e584fdf7d85ececd62a9fc5343cf40ce71b57fd71a0ca48bfd3d6d37
                                                                                                                                                                                                                • Instruction ID: 1cdb47f36d0b956a4b36afd2b9fcb31c1dcd5330a107a72d424494effbad33fe
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e7ab8194e584fdf7d85ececd62a9fc5343cf40ce71b57fd71a0ca48bfd3d6d37
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A5173A0B29756D9EA049B51FE2475D23A5BB88BC1F44822ADD0D1B36CEF7CF505C312
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno$strerrorstrlen
                                                                                                                                                                                                                • String ID: %c%c%c%s$%c%s$%s%s$Could not generate license in trial version$Dashingsoft Pyshield Project$Encode buffer failed$Import rsa key failed$Sign hash failed$The size of serial number %d > 2048$The total size of serial number %d > 2560
                                                                                                                                                                                                                • API String ID: 427076510-1296519401
                                                                                                                                                                                                                • Opcode ID: 679a87fe3903baab6a36d49d4dfe7abb6cab9c4beaac5ff2b8fbbb24b3a171bd
                                                                                                                                                                                                                • Instruction ID: c1ecf48a3e836738f53b425fc0cca469055a19763858c4841e435463825440bb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 679a87fe3903baab6a36d49d4dfe7abb6cab9c4beaac5ff2b8fbbb24b3a171bd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25C13A72A09B818AE720CB51F95078EB3A5F7C8784F944126EA8D93B6CEF3CD545CB40
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno$fclosefreadstrerror
                                                                                                                                                                                                                • String ID: Encode moudle key failed$Invalid public key %s$Open public key %s failed$Wrap result failed$Write output %s failed
                                                                                                                                                                                                                • API String ID: 1423157237-2416068227
                                                                                                                                                                                                                • Opcode ID: fc8263cf471056167a99d615c964ff8a8536502a1d140b0da7b445b64efe0c6d
                                                                                                                                                                                                                • Instruction ID: af059605efeb0241d670f754cc7be9cffb2ff31e841a2f17d9d8403a44a8109b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc8263cf471056167a99d615c964ff8a8536502a1d140b0da7b445b64efe0c6d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5551CD62B1974695EB01DF51FE1039E23A4BB89BC4F844526EE0E13768EF3CE686C350
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                  • Part of subcall function 70A04900: fseek.MSVCRT ref: 70A04954
                                                                                                                                                                                                                  • Part of subcall function 70A04900: malloc.MSVCRT ref: 70A0496E
                                                                                                                                                                                                                  • Part of subcall function 70A04900: fclose.MSVCRT ref: 70A049A3
                                                                                                                                                                                                                • _errno.MSVCRT ref: 70A0EC60
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errnofclosefseekmalloc
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$pytransform.log$utils.c
                                                                                                                                                                                                                • API String ID: 882899668-4272501623
                                                                                                                                                                                                                • Opcode ID: 17223cea7ad90b7dd39b25babe2557fc61845b7a460a3b87b77de20574d3a215
                                                                                                                                                                                                                • Instruction ID: c994ccc21fe8a1525a6cf9883ed7ae1ae7d774de7e677e36598178200c0b8333
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17223cea7ad90b7dd39b25babe2557fc61845b7a460a3b87b77de20574d3a215
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C41A261B25309D9EA01DB52FE5176D23A1BF98BC4F48822A9D0D573A8EF3CF541C346
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _strdup$fclosefprintf
                                                                                                                                                                                                                • String ID: __armor%s__$__armor__$__armor_enter%s__$__armor_enter__$__armor_exit%s__$__armor_exit__$__armor_wrap%s__$__armor_wrap__$__pyarmor%s__$__pyarmor__$little$pytransform.log
                                                                                                                                                                                                                • API String ID: 2840409039-221964360
                                                                                                                                                                                                                • Opcode ID: 06d010830221482c768ac7b0fa081fda18851481fa646e867f0ad123cb5477fe
                                                                                                                                                                                                                • Instruction ID: cf7dd6fc3acd19488ec7e0a1a9cafba60ce81224ccb3585ee8bbba285c7d896b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06d010830221482c768ac7b0fa081fda18851481fa646e867f0ad123cb5477fe
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6051F561B19703D9FB118B61ED903AD2265BB487D4F84413ADD0E573A8DB3CFA85C352
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • This function is not included in trial version, xrefs: 70A13F2E
                                                                                                                                                                                                                • %.0f, xrefs: 70A14090
                                                                                                                                                                                                                • Failed to encode trial license., xrefs: 70A14180
                                                                                                                                                                                                                • Fail to write trial license file %s, xrefs: 70A13FA1
                                                                                                                                                                                                                • key/iv size is %d, it must be 32., xrefs: 70A1402A
                                                                                                                                                                                                                • %s is not a legal public key, xrefs: 70A13ED2
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: free$_errno_time64fclosefreadmallocstrlen
                                                                                                                                                                                                                • String ID: %.0f$%s is not a legal public key$Fail to write trial license file %s$Failed to encode trial license.$This function is not included in trial version$key/iv size is %d, it must be 32.
                                                                                                                                                                                                                • API String ID: 710462250-180510518
                                                                                                                                                                                                                • Opcode ID: 35b43d3abbb46c9e0a88625ea563a05af4a10be155eed0992325a3418ad647d6
                                                                                                                                                                                                                • Instruction ID: 5bcb7b5652196dab43ed459ec3781a481052032af02b736bfcf40bdcce502566
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35b43d3abbb46c9e0a88625ea563a05af4a10be155eed0992325a3418ad647d6
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87610761B1574699DB01DB25E91139E63B4FB89BD4F848222EE0E1776CEF3CE586C310
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno$fprintf$fclosestrerror
                                                                                                                                                                                                                • String ID: %s$%s,%d,%s$pytransform.log
                                                                                                                                                                                                                • API String ID: 190382524-2823618119
                                                                                                                                                                                                                • Opcode ID: b22ec3faffb8614a653549c7a7985012044751e5084476f5063c17f1ebe97a3e
                                                                                                                                                                                                                • Instruction ID: b9c01ddd65afedd37a15345b8641c362f76c206aa8fef2bddf784dedc046aace
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b22ec3faffb8614a653549c7a7985012044751e5084476f5063c17f1ebe97a3e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DF319C7172560299EA14AB12FD20F6C33A1BB89BC0F988139AE0D57368DF7CF944C746
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: free$malloc$memcpy$memset
                                                                                                                                                                                                                • String ID: msghash != NULL$out != NULL$outlen != NULL$src/pk/pkcs1/pkcs_1_pss_encode.c
                                                                                                                                                                                                                • API String ID: 4204908464-4182795421
                                                                                                                                                                                                                • Opcode ID: 246829c954663de402a40489624608250503bf7e8efb20bb563f719af14e4b26
                                                                                                                                                                                                                • Instruction ID: 4243c5bb510a087f98c806dc7c414c84c0a9d4a0b9317dfa1883d90e73cbfc26
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 246829c954663de402a40489624608250503bf7e8efb20bb563f719af14e4b26
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3891C0B271868586DB20DB16E85476EB7A4FB8ABC4F804115EE4F87B2CDF39D449CB40
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: fprintf$_errno$fputc$fclosestrerror
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$(iii)$_pytransform.c$pytransform.log
                                                                                                                                                                                                                • API String ID: 775964473-1072082768
                                                                                                                                                                                                                • Opcode ID: 4d1e57ddf9eea5da1267a453972f73117702d16c2e015693883435c7f85a4c26
                                                                                                                                                                                                                • Instruction ID: 6c8511050860788e805defbd93931538faa15d6782fb7d90dcd82c01630c939f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d1e57ddf9eea5da1267a453972f73117702d16c2e015693883435c7f85a4c26
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F316D60B2875299EB019B15FD1076D23A1BB88BC5F4842369D0D1B3A8DF3CF506C755
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _errno
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                                                                • API String ID: 2918714741-2792274189
                                                                                                                                                                                                                • Opcode ID: a49f028bb9a30a372b869685540c965747e360c22203631066ca679595dc5414
                                                                                                                                                                                                                • Instruction ID: 3601f3991b782de414de29dcdf14ec6cd06a89726ba2ae3ffe100f171e95f696
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a49f028bb9a30a372b869685540c965747e360c22203631066ca679595dc5414
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F419A61B2875696EB00DB12F85075D67B5BB88BC4F448226DE4E07768EF3CE942C342
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: fprintf$_errno$fputc$fclosefreestrerror
                                                                                                                                                                                                                • String ID: %s$%s,%d,0x%x,$license.c$pytransform.log
                                                                                                                                                                                                                • API String ID: 1153345444-4157288542
                                                                                                                                                                                                                • Opcode ID: 097ec7dd370eb698f9119ff41cd353b68bad721531049dad760ca4dca8806718
                                                                                                                                                                                                                • Instruction ID: 8be9686ff7d9a37a59bda575aba7502b5f65a14094e2ce4ebadaadcb2ccd9ab4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 097ec7dd370eb698f9119ff41cd353b68bad721531049dad760ca4dca8806718
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85318460B19716DAEB059B21EE1175C23A5BB88BC0F44822ADD0E5B7ACEF3CF545C312
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: FileMessageModuleName_snwprintfmalloc
                                                                                                                                                                                                                • String ID: %ws$<unknown>$Assertion failed!Program: %wsFile: %ws, Line %uExpression: %ws$MinGW Runtime Assertion$j > 0$protect.c
                                                                                                                                                                                                                • API String ID: 2604804178-2804858100
                                                                                                                                                                                                                • Opcode ID: 0b84865dfd02a5efed9f46ac5a02ef1ed22720130152a39b7af6aea051016f55
                                                                                                                                                                                                                • Instruction ID: 0cae7676f57b9b1aa686d5381e932ad5f0386894524a582c29565e5ca4791591
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b84865dfd02a5efed9f46ac5a02ef1ed22720130152a39b7af6aea051016f55
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7621E272724604C9EB119B15EA903AD62A5AF48BC0FC44129E90E5B7ACEF3CE645C348
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy$calloc$qsort
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3784193592-0
                                                                                                                                                                                                                • Opcode ID: eea4dcc1b1766315c20184de3c126d1b323d1820373a2326a198f5f8baf229de
                                                                                                                                                                                                                • Instruction ID: d720f20fec19250ac8457cd07a20b3372c131ff30555a17fa5c2e5b6289c531b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: eea4dcc1b1766315c20184de3c126d1b323d1820373a2326a198f5f8baf229de
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69D134F27142A08BCB06CB51DC5469EBBA6F749BC9FC68515EA070B309DB79ED89C700
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: callocfree
                                                                                                                                                                                                                • String ID: A != NULL$B != NULL$C != NULL$P != NULL$kA != NULL$kB != NULL$modulus != NULL$src/pk/ecc/ltc_ecc_map.c$src/pk/ecc/ltc_ecc_mul2add.c
                                                                                                                                                                                                                • API String ID: 306872129-190324370
                                                                                                                                                                                                                • Opcode ID: 63ee357e4c7f4e6535422577729b08799d49b0001440abaf454e4fdab3fd8e84
                                                                                                                                                                                                                • Instruction ID: 668afb015e7757982c0d0347ae84e10e60dfab1742556132ab79f3204d6cebbc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 63ee357e4c7f4e6535422577729b08799d49b0001440abaf454e4fdab3fd8e84
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1C1AB32608A85CADB20DF22E90479E6765F7C8BD6F514136EE8E97718EF78C844C700
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: free$memcmp$malloc
                                                                                                                                                                                                                • String ID: hash != NULL$key != NULL$sig != NULL$src/pk/rsa/rsa_verify_hash.c$stat != NULL
                                                                                                                                                                                                                • API String ID: 2896619906-237625700
                                                                                                                                                                                                                • Opcode ID: 93ef56e25def7a6680f6fea3de1857e5252392c2673cf2d9173d5e84dea47cd9
                                                                                                                                                                                                                • Instruction ID: ef3c62d2dff8f2e3e6e7e17da0aa66db08175733310d73b62dd9ea8faa914e77
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 93ef56e25def7a6680f6fea3de1857e5252392c2673cf2d9173d5e84dea47cd9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 89B1CD726086848AD760CF01E554B8FF7A0F7887C8F904525EE8A87B5CDB7DE989CB40
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: in != NULL$key != NULL$key != NULL$key != NULL$ltc_mp.name != NULL$ltc_mp.name != NULL$size > 0$src/pk/rsa/rsa_free.c$src/pk/rsa/rsa_import.c$src/pk/rsa/rsa_make_key.c
                                                                                                                                                                                                                • API String ID: 0-606996012
                                                                                                                                                                                                                • Opcode ID: 69b99cfcc3cddb29e6f35f91677c9278315488088306450caadb0fba7eed45e0
                                                                                                                                                                                                                • Instruction ID: 7b6c3c2240e03c6e4402d94ade7d92132c9727d52605580dc3721738ddb2f895
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69b99cfcc3cddb29e6f35f91677c9278315488088306450caadb0fba7eed45e0
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1220A72208B8586D760CF21E45478EB7B5F788B88F504126EF8A87B5CDF79D589CB40
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • VirtualProtect.KERNEL32(?,?,?,?,?,?,70A01278), ref: 70A954DD
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • Unknown pseudo relocation protocol version %d., xrefs: 70A9565E
                                                                                                                                                                                                                • Unknown pseudo relocation bit size %d., xrefs: 70A9564A
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                                                                                                                                                                                • API String ID: 544645111-395989641
                                                                                                                                                                                                                • Opcode ID: 339c15d006511560339925f517702310dc680788fc153389e1eef27aa90dbf79
                                                                                                                                                                                                                • Instruction ID: c2c6cd297b62b67af0e8b0a24ea547c163ad2cc1381ce71c66efa484693f7156
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 339c15d006511560339925f517702310dc680788fc153389e1eef27aa90dbf79
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0915C71B301408AEF1587B6D98274D63E3FB487A4FA48515DF1E8B7ACDA3DD9828708
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
• Associated: 00000004.00000002.1692992412.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693170461.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693228115.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693334178.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693366586.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693405974.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693443152.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693494112.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000004.00000002.1693515304.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: strcmp
                                                                                                                                                                                                                • String ID: 3des$name != NULL$src/misc/crypt/crypt_find_hash.c
                                                                                                                                                                                                                • API String ID: 1004003707-2898822856
                                                                                                                                                                                                                • Opcode ID: 464357bab5226c83230ff7ddc98dea84ff7d6811791d22299b2bc95c1f275a7e
                                                                                                                                                                                                                • Instruction ID: 5022d37041c2fbf0fcf86327de083f34fbc634a46c5a561c130f4ceb8ae49d10
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 464357bab5226c83230ff7ddc98dea84ff7d6811791d22299b2bc95c1f275a7e
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D231726234628689DE15CB52E7947FD6361EF887D6F4081289E0B8F949DF18E50BC351
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$AdaptersAddressesFree$Allocinet_ntoa
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1708681428-0
                                                                                                                                                                                                                • Opcode ID: 4f5458f5089b5a7e86f07b6741ba0edd552bcacc8860df83db74114d2a597805
                                                                                                                                                                                                                • Instruction ID: d4e88b45d54be817ce87f14d87ca7e29a9b9b7d57c5dde50ed2d03b06efca719
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f5458f5089b5a7e86f07b6741ba0edd552bcacc8860df83db74114d2a597805
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D21E2217086549AE704DBB6FD11B1F67A2BBC8BD5F04823AAE0D577A8DE3CE5418700
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Heap$Process$Free$Alloc$NetworkParams
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3483679945-0
                                                                                                                                                                                                                • Opcode ID: 36608fc77a87cb34de43f92055041f1a1aaff40ac3dd4ab04145464c7a4fbbcb
                                                                                                                                                                                                                • Instruction ID: 4bab2a93c6f0099debb89e4662b31fead0e755f2839724a4dbe2546530b70343
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36608fc77a87cb34de43f92055041f1a1aaff40ac3dd4ab04145464c7a4fbbcb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D311571170560568DA15EBB3FD1076E97922FCDBE4F488236AD2D973ACEE3CE5028310
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: strrchr
                                                                                                                                                                                                                • String ID: <frozen %s$__init__.py
                                                                                                                                                                                                                • API String ID: 3418686817-1237021342
                                                                                                                                                                                                                • Opcode ID: 439e6feb79bed36a256749ea8ae4fe06bb98eb112d7af6dde0f67c8bdea58851
                                                                                                                                                                                                                • Instruction ID: 9c19d6ea131b4973b6fc81154cacc5f76206a33d24a75c2d4fbb7ded33e5ea40
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 439e6feb79bed36a256749ea8ae4fe06bb98eb112d7af6dde0f67c8bdea58851
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 965128123156955AEF118F26E5007DD6771B789FC8F888425EE4A1B78CFA7CD686C310
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: signal
                                                                                                                                                                                                                • String ID: CCG
                                                                                                                                                                                                                • API String ID: 1946981877-1584390748
                                                                                                                                                                                                                • Opcode ID: 727af3ef836dd6ac1d00c635e4c77c9315162afd1b24af48d1e8e889c9b87ffe
                                                                                                                                                                                                                • Instruction ID: ebb13e2c12078f6e1431d13dcf628bbebaa3c901337a66821697bb7e28559f4b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 727af3ef836dd6ac1d00c635e4c77c9315162afd1b24af48d1e8e889c9b87ffe
                                                                                                                                                                                                                • Instruction Fuzzy Hash: B73170607341008AFF25427A85A732C11D6AB8D3B8F25871A996F873FCCD19DCC5531E
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: %!.15g$%02x$%lld$'%.*q'$-- $?$NULL$zeroblob(%d)
                                                                                                                                                                                                                • API String ID: 3510742995-875588658
                                                                                                                                                                                                                • Opcode ID: b8a68578114fdc0c3c8e0b0a3d78c34862a88fbc955bf93423943a7aa6e1270a
                                                                                                                                                                                                                • Instruction ID: b8f912caec8b4f951ca6460310a8d4f9c8401383041351f55d9fb286c93a7360
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b8a68578114fdc0c3c8e0b0a3d78c34862a88fbc955bf93423943a7aa6e1270a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AEE1A2B2F0A647CAFB32CB74D4503BE27A8AB04748F048176DE0E52695DE3CE45AD760
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • hash != NULL, xrefs: 70A2D8FE
                                                                                                                                                                                                                • src/misc/crypt/crypt_register_hash.c, xrefs: 70A2D8F7
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcmp
                                                                                                                                                                                                                • String ID: hash != NULL$src/misc/crypt/crypt_register_hash.c
                                                                                                                                                                                                                • API String ID: 1475443563-1465673959
                                                                                                                                                                                                                • Opcode ID: d074f32d5c0fa2d950b386af87f01a1331de20546da92a036df862c2cae5b56c
                                                                                                                                                                                                                • Instruction ID: 24c3099d925a3f908a11c372cc841be4996ae8772903ec2a6ce8e291755bc9ee
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d074f32d5c0fa2d950b386af87f01a1331de20546da92a036df862c2cae5b56c
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D616C3331074486E750CB26E984B9E73A8F788BD8F508029DF8A87758DF39E55AC354
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • src/misc/crypt/crypt_register_prng.c, xrefs: 70A2DB4F
                                                                                                                                                                                                                • prng != NULL, xrefs: 70A2DB56
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcmp
                                                                                                                                                                                                                • String ID: prng != NULL$src/misc/crypt/crypt_register_prng.c
                                                                                                                                                                                                                • API String ID: 1475443563-58737364
                                                                                                                                                                                                                • Opcode ID: 218bb2839e06c975f6307cab8145e91dec6a6cee5752b9f46463fe2b4326b6a8
                                                                                                                                                                                                                • Instruction ID: 3ccd453ff670c1ed31a4aeeeada7202f50ff79498c82cb23fdcee01ac5c328f5
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 218bb2839e06c975f6307cab8145e91dec6a6cee5752b9f46463fe2b4326b6a8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC518E33310B9496D750CF12E984B9E7368F788BC5F45413ADF5A83644EB78E559C710
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: strcmp
                                                                                                                                                                                                                • String ID: name != NULL$src/misc/crypt/crypt_find_prng.c
                                                                                                                                                                                                                • API String ID: 1004003707-2030105502
                                                                                                                                                                                                                • Opcode ID: 5cbf8aaeb0cf756e4082b2c299a9473fdef5e9414b9ec32f93ee8afcfb714adf
                                                                                                                                                                                                                • Instruction ID: ba21aaf8fab1174460ad14d804765318f2b421dabd07186d6a53c9d6848ec903
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5cbf8aaeb0cf756e4082b2c299a9473fdef5e9414b9ec32f93ee8afcfb714adf
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E731B3A334264649EE14DE62E7D43BD6361EF89BC6F0041389E4B8B95DDB28E50BC351
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • src/misc/crypt/crypt_find_cipher.c, xrefs: 70A2D1F1
                                                                                                                                                                                                                • name != NULL, xrefs: 70A2D1F8
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: strcmp
                                                                                                                                                                                                                • String ID: name != NULL$src/misc/crypt/crypt_find_cipher.c
                                                                                                                                                                                                                • API String ID: 1004003707-679692990
                                                                                                                                                                                                                • Opcode ID: 15c8e9be63cb7d01a88cd149f8cb9d390188a247097153960caf0327d89c631a
                                                                                                                                                                                                                • Instruction ID: 1e8da41a102762bd96b7f0ba5eb90a4823bb3e01260c1154a898f8d1a70a0a3d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15c8e9be63cb7d01a88cd149f8cb9d390188a247097153960caf0327d89c631a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C31846334618689EF14CA52AF957BD6361EF89BC5F008239DE0B8BD5DDB18D60BC350
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: malloc
                                                                                                                                                                                                                • String ID: mask != NULL$seed != NULL$src/pk/pkcs1/pkcs_1_mgf1.c
                                                                                                                                                                                                                • API String ID: 2803490479-2931318352
                                                                                                                                                                                                                • Opcode ID: a41bf6304092f0e12ee6b2b48442d8b4c607de8f101fac0571f231d182ff6aa5
                                                                                                                                                                                                                • Instruction ID: 9a0b2ca27a94c3b9f6e7c6f4008649c6dc24744ae5db97d4a56896b3e8a56bbc
                                                                                                                                                                                                                • Opcode Fuzzy Hash: a41bf6304092f0e12ee6b2b48442d8b4c607de8f101fac0571f231d182ff6aa5
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98512772B181944ADB12CF31AD1577EFBA2EB49BC4F858018DE4B47A0DEB39D905C710
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • <lambda>, xrefs: 70A06DF0
                                                                                                                                                                                                                • lambda_, xrefs: 70A06E13
                                                                                                                                                                                                                • obfmode.c, xrefs: 70A07450
                                                                                                                                                                                                                • The function '%s' could not be obufscated with advanced mode 2, insert one redundant line '[None, None]' at the beginning of this function to fix it, xrefs: 70A072FA
                                                                                                                                                                                                                • code, xrefs: 70A07457
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: <lambda>$The function '%s' could not be obufscated with advanced mode 2, insert one redundant line '[None, None]' at the beginning of this function to fix it$code$lambda_$obfmode.c
                                                                                                                                                                                                                • API String ID: 3510742995-709486575
                                                                                                                                                                                                                • Opcode ID: c4716056c2122c0a339fa145195c923bf375f4e1c5816e5f35935589c52cb295
                                                                                                                                                                                                                • Instruction ID: 69ca25bbf8cbcc539b5eabc4761f5a7e7bf4c28ccf3e759263da0b8e627adb18
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c4716056c2122c0a339fa145195c923bf375f4e1c5816e5f35935589c52cb295
                                                                                                                                                                                                                • Instruction Fuzzy Hash: E112E332F09A84C6DB11CB25F9407AD77A1F789B90F108616EE5A47B6CEB3CD545CB00
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: strlenstrstr
                                                                                                                                                                                                                • String ID: <lambda>$co_names$code$lambda_$obfmode.c
                                                                                                                                                                                                                • API String ID: 2393776628-2864150894
                                                                                                                                                                                                                • Opcode ID: fa60d14edacd4303a7aef9ee630c0b1a42870550b28da1bd2770e74e85f5b7b7
                                                                                                                                                                                                                • Instruction ID: 28718279c2b9c6404c55f553674a8bc5d2bc9fea9dbb9fdeefb8f945cc3b1021
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fa60d14edacd4303a7aef9ee630c0b1a42870550b28da1bd2770e74e85f5b7b7
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11B1AE62B19B88C5EB11CB12F94176D67A0FB9ABC4F444625DE8E07768EF3CE645C700
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: in != NULL$key != NULL$out != NULL$outlen != NULL$src/pk/rsa/rsa_sign_hash.c
                                                                                                                                                                                                                • API String ID: 0-3034240082
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: callocfree
                                                                                                                                                                                                                • String ID: in != NULL$inlen != 0$public_key_len != NULL$src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
                                                                                                                                                                                                                • API String ID: 306872129-3913984646
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: sprintf$malloc
                                                                                                                                                                                                                • String ID: %s%s$', %d)$(__name__, __file__, b'$\x%02x$__pyarmor__
                                                                                                                                                                                                                • API String ID: 1197820334-965320081
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • Address %p has no image-section, xrefs: 70A95399
                                                                                                                                                                                                                • VirtualProtect failed with code 0x%x, xrefs: 70A9533A
                                                                                                                                                                                                                • VirtualQuery failed for %d bytes at address %p, xrefs: 70A95388
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: QueryVirtual
                                                                                                                                                                                                                • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                                                                                                                                                • API String ID: 1804819252-2123141913
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _stat64$freemallocstrlen
                                                                                                                                                                                                                • String ID: <unknown>
                                                                                                                                                                                                                • API String ID: 2817875163-1574992787
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpymemset
                                                                                                                                                                                                                • String ID: %.*s%s$%s at line %d of [%.10s]$872ba256cbf61d9290b571c0e6d82a20c224ca3ad82971edc46b29818d5d17a0$database corruption
                                                                                                                                                                                                                • API String ID: 1297977491-1014834771
                                                                                                                                                                                                                • Opcode ID: 8d4745f6b3a223a3a634125f84489ece57180a98a4d86d5b6dd21bccb322d3bb
                                                                                                                                                                                                                • Instruction ID: 4266748a1b2c15ac9ba2cc4eac165a87c39040d4162b15c55dd5debf81ba0800
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d4745f6b3a223a3a634125f84489ece57180a98a4d86d5b6dd21bccb322d3bb
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15C1D3A1E0AA87C1EA778B25D5502B9A398FF45B84F444076DE4E47791CF3DF8A6C320
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$872ba256cbf61d9290b571c0e6d82a20c224ca3ad82971edc46b29818d5d17a0$database corruption
                                                                                                                                                                                                                • API String ID: 0-2677786666
                                                                                                                                                                                                                • Opcode ID: ac5c9069f6bf81746269997d4274784afd216d98bc100d78f673ecab4f845917
                                                                                                                                                                                                                • Instruction ID: ad8608b3d30533275faa50e644a212514c1d8487ef15538ccb40ec5dd0efe0c3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac5c9069f6bf81746269997d4274784afd216d98bc100d78f673ecab4f845917
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5B1BDB6B09686CBD762CB2AE054A6AB7ACFB48B80F414075DF4D43B45DF38E452C750
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: %s.%s$column%d$rowid
                                                                                                                                                                                                                • API String ID: 3510742995-1505470444
                                                                                                                                                                                                                • Opcode ID: ee6dc5c437e6e41e11f38b7da21d15006c00178229882f643fbc8254b996d00f
                                                                                                                                                                                                                • Instruction ID: f534623535c03b1fa8e84c134e50272a624f9a330005a74b25a6a530fad21993
                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee6dc5c437e6e41e11f38b7da21d15006c00178229882f643fbc8254b996d00f
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69C190BAA0AB86C6EB72CB25D0503A963A8FB44B94F144275DF9D07795CF3DE462C310
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1692992412.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693170461.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693228115.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693334178.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693366586.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693405974.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693443152.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693494112.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693515304.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: Internal buffer error$This function could not be called from the plain script$code$obfmode.c
                                                                                                                                                                                                                • API String ID: 0-1583419685
                                                                                                                                                                                                                • Opcode ID: 9a9588439eea7ecd58c56589ada3d3bc3db08017a881e08a403e04b43008c196
                                                                                                                                                                                                                • Instruction ID: d6031a9ed4d2aa6d2614b9b967fee086bbfa1c3a210942416ca5464a5648e8d7
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a9588439eea7ecd58c56589ada3d3bc3db08017a881e08a403e04b43008c196
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DCA17B72A1AA49D5EB01CF15FD903593360F799B85F404A26DE5E47B28EF3CEA89C700
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                • String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
                                                                                                                                                                                                                • API String ID: 438689982-2063813899
                                                                                                                                                                                                                • Opcode ID: d11dd66c5a0fa9f9d887de5a378ba8509183e7b6ff50bd251f412d23de0f6c93
                                                                                                                                                                                                                • Instruction ID: 8d8c82f2c0722a10d5975bdd90a16c9efa47a86c11740232366bc34f2a66bbec
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d11dd66c5a0fa9f9d887de5a378ba8509183e7b6ff50bd251f412d23de0f6c93
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F891E3A2A0AB82C2EB62CF25D0146B977A9FB44B80F459275DF8D17744DF3CE066C710
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: sprintf$strlen
                                                                                                                                                                                                                • String ID: /%d:$No any serial number of harddisk got$platforms/windows/hdinfo.c
                                                                                                                                                                                                                • API String ID: 3793847852-3769243694
                                                                                                                                                                                                                • Opcode ID: e0123901aed77ea2fe2f5641d07ce66e0622fcb6e6c2f62f9897630a9412305b
                                                                                                                                                                                                                • Instruction ID: cbc323ae52ea0bdf9f25663119b11b9115762730303c812b22a661c2600b351c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0123901aed77ea2fe2f5641d07ce66e0622fcb6e6c2f62f9897630a9412305b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A318263F190506DEB118739FD503AD6762A7CABE2F588231DD26477DCD53989D6C300
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: fclose$freefseekmalloc
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1339445139-0
                                                                                                                                                                                                                • Opcode ID: fb2f067e3bd81d461955686dc85af8f3ef903c9814697262ba01f1c5ab3d79fd
                                                                                                                                                                                                                • Instruction ID: 7a6d6b822305b16d9c389cc4b79372be7958b175777b5c4273f4cb1ab30257f1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb2f067e3bd81d461955686dc85af8f3ef903c9814697262ba01f1c5ab3d79fd
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73110A537212290CEE55AB673F1236F42C25FC9BE1F088630AD1E4779CFC78A4818305
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: strlen$malloc
                                                                                                                                                                                                                • String ID: %s%c%s$\$license.lic
                                                                                                                                                                                                                • API String ID: 3157260142-3068191871
                                                                                                                                                                                                                • Opcode ID: 5adf3f5d1d35b6e4926f7a2d288f8e1a1b5244bf19ebae5aa32487b9d187c434
                                                                                                                                                                                                                • Instruction ID: 8b429b5fcf0b8b155993a3a6f3c5f391319645be3028a3ff2655cde564351edb
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5adf3f5d1d35b6e4926f7a2d288f8e1a1b5244bf19ebae5aa32487b9d187c434
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1EF02422B5134888EC128B02BE0139DA398AF89BE4F8C81305E0E07768FA3CE5868344
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$872ba256cbf61d9290b571c0e6d82a20c224ca3ad82971edc46b29818d5d17a0$database corruption
                                                                                                                                                                                                                • API String ID: 3510742995-2677786666
                                                                                                                                                                                                                • Opcode ID: 42918bc20539d5534936ad6f8b637d819e592574dec9afc854a3064ab537a450
                                                                                                                                                                                                                • Instruction ID: 17bb34e2ec6a2e4109a370aeca3ce9d9bf191c2a6ba36e0cf9b8f33733380654
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42918bc20539d5534936ad6f8b637d819e592574dec9afc854a3064ab537a450
                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF81CEB2A09682D7E7A29B25D4447BA7BACF744B84F008076DF4D43791DF38E46AC750
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$872ba256cbf61d9290b571c0e6d82a20c224ca3ad82971edc46b29818d5d17a0$database corruption
                                                                                                                                                                                                                • API String ID: 3510742995-2677786666
                                                                                                                                                                                                                • Opcode ID: 0e8511c4ff6f4363e149fe27dafdbb8980f4b26d30f16a3825fe71258c14373d
                                                                                                                                                                                                                • Instruction ID: 8889620bf65ec083e32c0707a3e0b79ece1cc1654dc79a353f5eda78ec66430e
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0e8511c4ff6f4363e149fe27dafdbb8980f4b26d30f16a3825fe71258c14373d
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A5103B2609BC2C6CB21CB25E4445AEBB68F758B84F14417AEF8E43754DB3CE466C760
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy$memset
                                                                                                                                                                                                                • String ID: delayed %dms for lock/sharing conflict at line %d$winRead
                                                                                                                                                                                                                • API String ID: 438689982-1843600136
                                                                                                                                                                                                                • Opcode ID: 2a47b2aa71f1d006452051ea17b5909aee1238fc463dfa77707cf52006df2449
                                                                                                                                                                                                                • Instruction ID: 292c6349c2e4ca56e2e4d5763f89c4a0ad3327cca5f6bad48a3cc48777826cca
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a47b2aa71f1d006452051ea17b5909aee1238fc463dfa77707cf52006df2449
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A441F0B2A0AB43C2E2639F39E4404A97769FB86780F640176EF9D47690DF3CE45B8750
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: N != NULL$src/math/rand_prime.c
                                                                                                                                                                                                                • API String ID: 0-3192267683
                                                                                                                                                                                                                • Opcode ID: 5d8379644c24468e21ca846d65688a4a95fb3662f13fd0de23da40a808fbdf48
                                                                                                                                                                                                                • Instruction ID: e83ab51073c3498109e51c549f92599b95bb0d356d7a6343acc4c200262eb79b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d8379644c24468e21ca846d65688a4a95fb3662f13fd0de23da40a808fbdf48
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1331277270425485E7118B16F84479EABA5F789FD8FC44125EE4E8BB6CDB3CC586C700
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32 ref: 70A94F35
                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 70A94F40
                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 70A94F49
                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 70A94F51
                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32 ref: 70A94F5E
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1445889803-0
                                                                                                                                                                                                                • Opcode ID: f5d87bf7f0e3f8bbfa70d4cf8d71db31ffcf3f5bb4ca7de3311258b585774c07
                                                                                                                                                                                                                • Instruction ID: e623e904c34ab3bce6138c36496c50d5c53e7756fe3b0b097cc6faa774dd11a2
                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5d87bf7f0e3f8bbfa70d4cf8d71db31ffcf3f5bb4ca7de3311258b585774c07
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43119126B29B1186FB119B21F90431973A0B748BB5F0817319E9D43BA8DF3CE5868704
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: strlen$malloc
                                                                                                                                                                                                                • String ID: %s%c%s$\
                                                                                                                                                                                                                • API String ID: 3157260142-3534329225
                                                                                                                                                                                                                • Opcode ID: d29d0c8999ea75dd5e949018dc17c002143faed2992bcdbd30759a4d41fb7843
                                                                                                                                                                                                                • Instruction ID: d0c969897b5a35f87c69745b3451d3a9bc0593bc9381023adeec69f8b9af8d08
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d29d0c8999ea75dd5e949018dc17c002143faed2992bcdbd30759a4d41fb7843
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DAE0D8617513444DDD15DB02BE1125DA2C49F89BD8F8C81345D4E13B68EE3CF1868744
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: abortfwrite
                                                                                                                                                                                                                • String ID: '$illegal index register
                                                                                                                                                                                                                • API String ID: 1067672060-451399654
                                                                                                                                                                                                                • Opcode ID: b5513bfd8cfe42802b2ec78025f659bb4d839320a4c8f6a0af50cf237da25261
                                                                                                                                                                                                                • Instruction ID: 211e27df0bf59bf58fe276048d2fe8f546a4cb213ce258a45231abf7bbd364a8
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b5513bfd8cfe42802b2ec78025f659bb4d839320a4c8f6a0af50cf237da25261
                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3917E73619B89C4DB128F3DE850A4C7F65E399F88B9AD112CB4D47718CA7EC856C311
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _localtime64_s
                                                                                                                                                                                                                • String ID: $-$ilable
                                                                                                                                                                                                                • API String ID: 4067328638-1697327243
                                                                                                                                                                                                                • Opcode ID: 81e07dfa4c6ab265734a713e272daf41d9dea0f3adc8e43d89ad5ef0e45d3bc9
                                                                                                                                                                                                                • Instruction ID: e472a9f4a52e47c66cf98397cc1fd745e61891cec9de4ad08bbece8c0f5d6437
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 81e07dfa4c6ab265734a713e272daf41d9dea0f3adc8e43d89ad5ef0e45d3bc9
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F78134B2F19642CEE717CF38C8613B833A8EB58748F048235DE0D56695EB38E196C750
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • This function could not be called from the plain script, xrefs: 70A10038
                                                                                                                                                                                                                • Invalid license, xrefs: 70A10017
                                                                                                                                                                                                                • Internal buffer error, xrefs: 70A10067
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: _time64
                                                                                                                                                                                                                • String ID: Internal buffer error$Invalid license$This function could not be called from the plain script
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • platforms/windows/hdinfo.c, xrefs: 70A22510
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                • String ID: platforms/windows/hdinfo.c
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: mallocstrlen$free
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA0B2F77), ref: 00007FFBAA0B2C2B
                                                                                                                                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA0B2F77), ref: 00007FFBAA0B2CAE
                                                                                                                                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA0B2F77), ref: 00007FFBAA0B2D9B
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: RETURNING may not use "TABLE.*" wildcards
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: AND $<expr>$rowid
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: $, $CREATE TABLE
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$872ba256cbf61d9290b571c0e6d82a20c224ca3ad82971edc46b29818d5d17a0$database corruption
                                                                                                                                                                                                                • API String ID: 2221118986-2677786666
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: cannot detach database %s$database %s is locked$no such database: %s
                                                                                                                                                                                                                • API String ID: 3510742995-1259387423
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcmp
                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$872ba256cbf61d9290b571c0e6d82a20c224ca3ad82971edc46b29818d5d17a0$database corruption
                                                                                                                                                                                                                • API String ID: 1475443563-2677786666
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Sleep_amsg_exit
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1015461914-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$872ba256cbf61d9290b571c0e6d82a20c224ca3ad82971edc46b29818d5d17a0$database corruption
                                                                                                                                                                                                                • API String ID: 3510742995-2677786666
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1700455257.00007FFBAA021000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA020000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbaa020000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID: $%!.15g$-
                                                                                                                                                                                                                • API String ID: 3510742995-875264902
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • in != NULL, xrefs: 70A330F9
                                                                                                                                                                                                                • src/pk/asn1/der/sequence/der_decode_sequence_multi.c, xrefs: 70A330F2
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.1692992412.0000000070A00000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693170461.0000000070A97000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693228115.0000000070A98000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693334178.0000000070AF8000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693366586.0000000070B21000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693405974.0000000070B27000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693443152.0000000070B29000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693469140.0000000070B2A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693494112.0000000070B2B000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.1693515304.0000000070B2E000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: in != NULL$src/pk/asn1/der/sequence/der_decode_sequence_multi.c
                                                                                                                                                                                                                • API String ID: 0-85593093
                                                                                                                                                                                                                • Opcode ID: b971f18128fe48b8bb9e473168068a1f5e6a61681e45d46cd56ea84a0fd1bdf3
                                                                                                                                                                                                                • Instruction ID: eb7e8a576db2537b9850c904bd1e0706e9f8182c72439d5e3da0fd58c38344ec
                                                                                                                                                                                                                • Opcode Fuzzy Hash: b971f18128fe48b8bb9e473168068a1f5e6a61681e45d46cd56ea84a0fd1bdf3
                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD312933B186408ADB19CF19E510B4DB265E789BD8F944128EE4E47B5DDB39D541CB00
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: freestrrchr
                                                                                                                                                                                                                • String ID: .pye
                                                                                                                                                                                                                • API String ID: 4178315289-4135401513
                                                                                                                                                                                                                • Opcode ID: d17273e83a67628eed136ef44bfe7f653d065c978a7cb02a0fea4f7d6472c0af
                                                                                                                                                                                                                • Instruction ID: 5597bfaa514befca2eed9967239c43ecdc9d8ae8cb8aef605c12d5cd0d942339
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d17273e83a67628eed136ef44bfe7f653d065c978a7cb02a0fea4f7d6472c0af
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20110812B1521489FF059B65BD1436D53A0AB89FD5F088530DE1E47768FE3CD8C6C304
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3510742995-0
                                                                                                                                                                                                                • Opcode ID: 844357e0e3fdaf66b55b557e895eaca4895dc4424bb1714d2d459cc1e7947284
                                                                                                                                                                                                                • Instruction ID: 1458fb00bc27e688268c9974f704bdc73d35f768dcab5dd3191ae4570fafc89c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 844357e0e3fdaf66b55b557e895eaca4895dc4424bb1714d2d459cc1e7947284
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60B105B26187C886CB42CB35E804A4F7FADEB05790F89C615EE5A4B39CE739C955D301
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • __iob_func.MSVCRT ref: 70A2D060
                                                                                                                                                                                                                • abort.MSVCRT(?,?,?,?,CA4587E7,70A2DC6F,?,?,?,?,70A02A6C), ref: 70A2D081
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                • LTC_ARGCHK '%s' failure on line %d of file %s, xrefs: 70A2D066
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: __iob_funcabort
                                                                                                                                                                                                                • String ID: LTC_ARGCHK '%s' failure on line %d of file %s
                                                                                                                                                                                                                • API String ID: 1307436159-2823265812
                                                                                                                                                                                                                • Opcode ID: 539d72766582ce3841a7e1f0d2228c2204600d3cd5414ede9323b89e3cc8baf1
                                                                                                                                                                                                                • Instruction ID: 3c9a46387d4dd623e250bdc5f4e66e26fadd665b16b3b8d30be5f7a7491526b1
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 539d72766582ce3841a7e1f0d2228c2204600d3cd5414ede9323b89e3cc8baf1
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8D05B6173465995D61067155A047595B90BB5DFD4F445210ED4C83B145B28D106C340
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ByteCharMultiWide$freestrlen
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1041141762-0
                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.1693063168.0000000070A01000.00000020.00000001.01000000.00000015.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_70a00000_Ei5hvT55El.jbxd
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CriticalSection$EnterLeavefree
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 4020351045-0